Search

Find a vulnerability

Search criteria

    21 vulnerabilities found for m4300-24x by netgear

    VAR-202004-1384

    Vulnerability from variot - Updated: 2024-11-23 23:11

    Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1384",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-52965"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014930"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18821"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014930"
          }
        ]
      },
      "cve": "CVE-2017-18821",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2017-18821",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014930",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2021-52965",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2017-18821",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "LOW",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.1,
                "id": "CVE-2017-18821",
                "impactScore": 3.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014930",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18821",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18821",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014930",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-52965",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-1791",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-52965"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1791"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18821"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18821"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18821"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014930"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-52965"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18821",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014930",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-52965",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1791",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-52965"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1791"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18821"
          }
        ]
      },
      "id": "VAR-202004-1384",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-52965"
          }
        ],
        "trust": 1.072449505
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-52965"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:11:27.053000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Store Cross Site Scripting Vulnerability on Some Fully Managed Switches, PSV-2017-1948",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049044/Security-Advisory-for-Store-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1948"
          },
          {
            "title": "Patch for Cross-site scripting vulnerabilities in multiple NETGEAR products (CNVD-2021-52965)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/280071"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-52965"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014930"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014930"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18821"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18821"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049044/security-advisory-for-store-cross-site-scripting-on-some-fully-managed-switches-psv-2017-1948"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18821"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-52965"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1791"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18821"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-52965"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1791"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18821"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-52965"
          },
          {
            "date": "2020-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014930"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1791"
          },
          {
            "date": "2020-04-21T14:15:11.083000",
            "db": "NVD",
            "id": "CVE-2017-18821"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-52965"
          },
          {
            "date": "2020-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014930"
          },
          {
            "date": "2020-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1791"
          },
          {
            "date": "2024-11-21T03:21:00.443000",
            "db": "NVD",
            "id": "CVE-2017-18821"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1791"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Cross-site scripting vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014930"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1791"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1392

    Vulnerability from variot - Updated: 2024-11-23 23:07

    Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR.

    There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1392",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-66981"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014870"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18829"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014870"
          }
        ]
      },
      "cve": "CVE-2017-18829",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-18829",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014870",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2021-66981",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18829",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18829",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014870",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18829",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18829",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014870",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-66981",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-66981"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014870"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18829"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18829"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18829"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014870"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-66981"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18829",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014870",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-66981",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1635",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-66981"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014870"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1635"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18829"
          }
        ]
      },
      "id": "VAR-202004-1392",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-66981"
          }
        ],
        "trust": 1.072449505
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-66981"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:07:58.684000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Vertical Privilege Escalation on Some Fully Managed Switches, PSV-2017-1937",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049032/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1937"
          },
          {
            "title": "Patch for Privilege escalation vulnerabilities in multiple NETGEAR products (CNVD-2021-66981)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/288746"
          },
          {
            "title": "Multiple NETGEAR Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116211"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-66981"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014870"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1635"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-269",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014870"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18829"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18829"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049032/security-advisory-for-vertical-privilege-escalation-on-some-fully-managed-switches-psv-2017-1937"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18829"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-66981"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014870"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1635"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18829"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-66981"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014870"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1635"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18829"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-66981"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014870"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1635"
          },
          {
            "date": "2020-04-20T17:15:13.930000",
            "db": "NVD",
            "id": "CVE-2017-18829"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-66981"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014870"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1635"
          },
          {
            "date": "2024-11-21T03:21:01.787000",
            "db": "NVD",
            "id": "CVE-2017-18829"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Device permission management vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014870"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1635"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1386

    Vulnerability from variot - Updated: 2024-11-23 23:04

    Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR An unspecified vulnerability exists in the device.Information may be tampered with

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1386",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014867"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18823"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014867"
          }
        ]
      },
      "cve": "CVE-2017-18823",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-18823",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 2.1,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014867",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18823",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.5,
                "id": "CVE-2017-18823",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014867",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18823",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18823",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014867",
                "trust": 0.8,
                "value": "Medium"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014867"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18823"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18823"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR An unspecified vulnerability exists in the device.Information may be tampered with",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18823"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014867"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18823",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014867",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1628",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1628"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18823"
          }
        ]
      },
      "id": "VAR-202004-1386",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.472449505
      },
      "last_update_date": "2024-11-23T23:04:25.111000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Security Misconfiguration on Some Fully Managed Switches, PSV-2017-1943",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049042/Security-Advisory-for-Security-Misconfiguration-on-Some-Fully-Managed-Switches-PSV-2017-1943"
          },
          {
            "title": "Multiple NETGEAR Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116201"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1628"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18823"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049042/security-advisory-for-security-misconfiguration-on-some-fully-managed-switches-psv-2017-1943"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18823"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18823"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1628"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18823"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1628"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18823"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014867"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1628"
          },
          {
            "date": "2020-04-20T17:15:12.553000",
            "db": "NVD",
            "id": "CVE-2017-18823"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014867"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1628"
          },
          {
            "date": "2024-11-21T03:21:00.777000",
            "db": "NVD",
            "id": "CVE-2017-18823"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014867"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1628"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1330

    Vulnerability from variot - Updated: 2024-11-23 22:58

    Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier. plural NETGEAR On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR.

    There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to take over the switch, access configuration files or interrupt the operation of the switch. This affects M4200-10MG-POE+ 12.0.2.11 and previous versions, M4300-28G 12.0.2.11 and previous versions, M4300-52G 12.0.2.11 and previous versions, M4300-28G-POE+ 12.0.2.11 and previous versions, M4300-52G-POE+ 12.0.2.11 and previous versions, M4300-8X8F 12.0.2.11 and previous versions, M4300-12X12F 12.0.2.11 and previous versions, M4300-24X24F 12.0.2.11 and previous versions, M4300-24X 12.0.2.11 and previous versions, and M4300-48X 12.0.2.11 and previous versions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1330",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-52g",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-24x",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-28g",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-48x",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4200-10mg-poe\\+",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4200-10mg-poe+",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "netgear",
            "version": "12.0.2.11"
          },
          {
            "model": "m4200-10mg-poe+",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "\u003c=12.0.2.11"
          },
          {
            "model": "m4300-28g",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "\u003c=12.0.2.11"
          },
          {
            "model": "m4300-52g",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "\u003c=12.0.2.11"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "\u003c=12.0.2.11"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "\u003c=12.0.2.11"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "\u003c=12.0.2.11"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "\u003c=12.0.2.11"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "\u003c=12.0.2.11"
          },
          {
            "model": "m4300-24x",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "\u003c=12.0.2.11"
          },
          {
            "model": "m4300-48x",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "\u003c=12.0.2.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-48926"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-18858"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014986"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18858"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200-10mg-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014986"
          }
        ]
      },
      "cve": "CVE-2017-18858",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-18858",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014986",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2021-48926",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-18858",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014986",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18858",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014986",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-48926",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-2308",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-18858",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-48926"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-18858"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014986"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2308"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18858"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier. plural NETGEAR On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to take over the switch, access configuration files or interrupt the operation of the switch. This affects M4200-10MG-POE+ 12.0.2.11 and previous versions, M4300-28G 12.0.2.11 and previous versions, M4300-52G 12.0.2.11 and previous versions, M4300-28G-POE+ 12.0.2.11 and previous versions, M4300-52G-POE+ 12.0.2.11 and previous versions, M4300-8X8F 12.0.2.11 and previous versions, M4300-12X12F 12.0.2.11 and previous versions, M4300-24X24F 12.0.2.11 and previous versions, M4300-24X 12.0.2.11 and previous versions, and M4300-48X 12.0.2.11 and previous versions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18858"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014986"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-48926"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-18858"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18858",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014986",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-48926",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2308",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-18858",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-48926"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-18858"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014986"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2308"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18858"
          }
        ]
      },
      "id": "VAR-202004-1330",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-48926"
          }
        ],
        "trust": 1.093055568
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-48926"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:58:18.672000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Unauthenticated Remote Code Execution on M4200 and M4300, PSV-2017-1971",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000038655/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-M4200-and-M4300-PSV-2017-1971"
          },
          {
            "title": "Patch for Operating system command injection vulnerabilities in multiple NETGEAR products (CNVD-2021-48926)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/277346"
          },
          {
            "title": "Multiple NETGEAR Product operating system command injection vulnerability fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117918"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-48926"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014986"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2308"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014986"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18858"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18858"
          },
          {
            "trust": 1.7,
            "url": "https://kb.netgear.com/000038655/security-advisory-for-unauthenticated-remote-code-execution-on-m4200-and-m4300-psv-2017-1971"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18858"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-48926"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-18858"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014986"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2308"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18858"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-48926"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-18858"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014986"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2308"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18858"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-48926"
          },
          {
            "date": "2020-04-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-18858"
          },
          {
            "date": "2020-06-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014986"
          },
          {
            "date": "2020-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2308"
          },
          {
            "date": "2020-04-28T17:15:12.663000",
            "db": "NVD",
            "id": "CVE-2017-18858"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-48926"
          },
          {
            "date": "2020-05-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-18858"
          },
          {
            "date": "2020-06-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014986"
          },
          {
            "date": "2020-05-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2308"
          },
          {
            "date": "2024-11-21T03:21:06.620000",
            "db": "NVD",
            "id": "CVE-2017-18858"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2308"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR On the device  OS Command injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014986"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2308"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1393

    Vulnerability from variot - Updated: 2024-11-23 22:58

    Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR.

    There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1393",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-66982"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014871"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18830"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014871"
          }
        ]
      },
      "cve": "CVE-2017-18830",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-18830",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014871",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2021-66982",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18830",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18830",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014871",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18830",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18830",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014871",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-66982",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-66982"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014871"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18830"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18830"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18830"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014871"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-66982"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18830",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014871",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-66982",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1636",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-66982"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1636"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18830"
          }
        ]
      },
      "id": "VAR-202004-1393",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-66982"
          }
        ],
        "trust": 1.072449505
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-66982"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:58:18.594000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Vertical Privilege Escalation on Some Fully Managed Switches, PSV-2017-1205",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049021/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1205"
          },
          {
            "title": "Patch for Privilege escalation vulnerabilities in multiple NETGEAR products (CNVD-2021-66982)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/288741"
          },
          {
            "title": "Multiple NETGEAR Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116231"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-66982"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1636"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-269",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014871"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18830"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18830"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049021/security-advisory-for-vertical-privilege-escalation-on-some-fully-managed-switches-psv-2017-1205"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18830"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-66982"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1636"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18830"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-66982"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1636"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18830"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-66982"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014871"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1636"
          },
          {
            "date": "2020-04-20T17:15:14.163000",
            "db": "NVD",
            "id": "CVE-2017-18830"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-66982"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014871"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1636"
          },
          {
            "date": "2024-11-21T03:21:01.960000",
            "db": "NVD",
            "id": "CVE-2017-18830"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Device permission management vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014871"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1636"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1399

    Vulnerability from variot - Updated: 2024-11-23 22:55

    Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR.

    There are security vulnerabilities in many NETGEAR products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1399",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014872"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18836"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014872"
          }
        ]
      },
      "cve": "CVE-2017-18836",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-18836",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 2.1,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014872",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2021-63376",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.5,
                "id": "CVE-2017-18836",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.5,
                "id": "CVE-2017-18836",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.2,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014872",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18836",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18836",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014872",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-63376",
                "trust": 0.6,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014872"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18836"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18836"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18836"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014872"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-63376"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18836",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014872",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-63376",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1641",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014872"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1641"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18836"
          }
        ]
      },
      "id": "VAR-202004-1399",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63376"
          }
        ],
        "trust": 1.072449505
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63376"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:55:10.486000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Denial of Service on Some Fully Managed Switches, PSV-2017-1959",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049026/Security-Advisory-for-Denial-of-Service-on-Some-Fully-Managed-Switches-PSV-2017-1959"
          },
          {
            "title": "Patch for Denial of service vulnerabilities in multiple NETGEAR products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/287141"
          },
          {
            "title": "Multiple NETGEAR Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116238"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014872"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1641"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18836"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18836"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049026/security-advisory-for-denial-of-service-on-some-fully-managed-switches-psv-2017-1959"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18836"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014872"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1641"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18836"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014872"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1641"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18836"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-63376"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014872"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1641"
          },
          {
            "date": "2020-04-20T17:15:15.070000",
            "db": "NVD",
            "id": "CVE-2017-18836"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-63376"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014872"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1641"
          },
          {
            "date": "2024-11-21T03:21:02.987000",
            "db": "NVD",
            "id": "CVE-2017-18836"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014872"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1641"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1390

    Vulnerability from variot - Updated: 2024-11-23 22:51

    Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1390",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014850"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18827"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014850"
          }
        ]
      },
      "cve": "CVE-2017-18827",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2017-18827",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014850",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2021-59152",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2017-18827",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "LOW",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.1,
                "id": "CVE-2017-18827",
                "impactScore": 3.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014850",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18827",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18827",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014850",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-59152",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-1632",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014850"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1632"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18827"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18827"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18827"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014850"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-59152"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18827",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014850",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-59152",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1632",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014850"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1632"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18827"
          }
        ]
      },
      "id": "VAR-202004-1390",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59152"
          }
        ],
        "trust": 1.072449505
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59152"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:51:26.743000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Stored Cross Site Scripting on Some Fully Managed Switches, PSV -2017-1939",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049038/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1939"
          },
          {
            "title": "Patch for Cross-site scripting vulnerabilities in multiple NETGEAR products (CNVD-2021-59152)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/284411"
          },
          {
            "title": "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116952"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014850"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1632"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014850"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18827"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18827"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049038/security-advisory-for-stored-cross-site-scripting-on-some-fully-managed-switches-psv-2017-1939"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18827"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014850"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1632"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18827"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014850"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1632"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18827"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-59152"
          },
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014850"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1632"
          },
          {
            "date": "2020-04-20T17:15:13.477000",
            "db": "NVD",
            "id": "CVE-2017-18827"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-59152"
          },
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014850"
          },
          {
            "date": "2020-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1632"
          },
          {
            "date": "2024-11-21T03:21:01.447000",
            "db": "NVD",
            "id": "CVE-2017-18827"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1632"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Cross-site scripting vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014850"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1632"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1388

    Vulnerability from variot - Updated: 2024-11-23 22:48

    Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1388",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014849"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18825"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014849"
          }
        ]
      },
      "cve": "CVE-2017-18825",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2017-18825",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014849",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2017-18825",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "LOW",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.1,
                "id": "CVE-2017-18825",
                "impactScore": 3.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014849",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18825",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18825",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014849",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-1631",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014849"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1631"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18825"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18825"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18825"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014849"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18825",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014849",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1631",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014849"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1631"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18825"
          }
        ]
      },
      "id": "VAR-202004-1388",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.472449505
      },
      "last_update_date": "2024-11-23T22:48:01.591000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Stored Cross Site Scripting on Some Fully Managed Switches, PSV -2017-1941",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049040/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1941"
          },
          {
            "title": "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116951"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014849"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1631"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014849"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18825"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049040/security-advisory-for-stored-cross-site-scripting-on-some-fully-managed-switches-psv-2017-1941"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18825"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18825"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014849"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1631"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18825"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014849"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1631"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18825"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014849"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1631"
          },
          {
            "date": "2020-04-20T17:15:13.007000",
            "db": "NVD",
            "id": "CVE-2017-18825"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014849"
          },
          {
            "date": "2020-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1631"
          },
          {
            "date": "2024-11-21T03:21:01.103000",
            "db": "NVD",
            "id": "CVE-2017-18825"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1631"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Cross-site scripting vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014849"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1631"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1387

    Vulnerability from variot - Updated: 2024-11-23 22:44

    Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A path traversal vulnerability exists in the device.Information may be obtained. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the failure of network systems or products to properly filter resources or special elements in file paths. Attackers can use this vulnerability to access locations outside of the restricted directory

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1387",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63374"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014868"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18824"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014868"
          }
        ]
      },
      "cve": "CVE-2017-18824",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-18824",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 2.1,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014868",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2021-63374",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18824",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.5,
                "id": "CVE-2017-18824",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.3,
                "baseSeverity": "Low",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014868",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18824",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18824",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014868",
                "trust": 0.8,
                "value": "Low"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-63374",
                "trust": 0.6,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63374"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014868"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18824"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18824"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A path traversal vulnerability exists in the device.Information may be obtained. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the failure of network systems or products to properly filter resources or special elements in file paths. Attackers can use this vulnerability to access locations outside of the restricted directory",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18824"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014868"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-63374"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18824",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014868",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-63374",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1629",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63374"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014868"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1629"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18824"
          }
        ]
      },
      "id": "VAR-202004-1387",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63374"
          }
        ],
        "trust": 1.072449505
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63374"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:44:36.337000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Directory Traversal on Some Fully Managed Switches, PSV-2017-1942",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049041/Security-Advisory-for-Directory-Traversal-on-Some-Fully-Managed-Switches-PSV-2017-1942"
          },
          {
            "title": "Patch for Path traversal vulnerabilities in multiple NETGEAR products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/287156"
          },
          {
            "title": "Multiple NETGEAR Product path traversal vulnerability fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116202"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63374"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014868"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1629"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014868"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18824"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18824"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049041/security-advisory-for-directory-traversal-on-some-fully-managed-switches-psv-2017-1942"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18824"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63374"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014868"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1629"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18824"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63374"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014868"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1629"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18824"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-63374"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014868"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1629"
          },
          {
            "date": "2020-04-20T17:15:12.787000",
            "db": "NVD",
            "id": "CVE-2017-18824"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-63374"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014868"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1629"
          },
          {
            "date": "2024-11-21T03:21:00.933000",
            "db": "NVD",
            "id": "CVE-2017-18824"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Path traversal vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014868"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1629"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1396

    Vulnerability from variot - Updated: 2024-11-23 22:41

    Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1396",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014854"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18833"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014854"
          }
        ]
      },
      "cve": "CVE-2017-18833",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-18833",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014854",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-18833",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "LOW",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18833",
                "impactScore": 3.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014854",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18833",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18833",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014854",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-1638",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1638"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18833"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18833"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18833"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014854"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18833",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014854",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1638",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1638"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18833"
          }
        ]
      },
      "id": "VAR-202004-1396",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.472449505
      },
      "last_update_date": "2024-11-23T22:41:06.725000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Reflected Cross Site Scripting on Some Fully Managed Switches, PSV-2017-1955",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049029/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1955"
          },
          {
            "title": "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116957"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1638"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014854"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18833"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049029/security-advisory-for-reflected-cross-site-scripting-on-some-fully-managed-switches-psv-2017-1955"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18833"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18833"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1638"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18833"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1638"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18833"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014854"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1638"
          },
          {
            "date": "2020-04-20T17:15:14.867000",
            "db": "NVD",
            "id": "CVE-2017-18833"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014854"
          },
          {
            "date": "2020-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1638"
          },
          {
            "date": "2024-11-21T03:21:02.470000",
            "db": "NVD",
            "id": "CVE-2017-18833"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1638"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Cross-site scripting vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014854"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1638"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1385

    Vulnerability from variot - Updated: 2024-11-23 22:37

    Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR.

    There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1385",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63373"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014889"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18822"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014889"
          }
        ]
      },
      "cve": "CVE-2017-18822",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-18822",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014889",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2021-63373",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18822",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18822",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014889",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18822",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18822",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014889",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-63373",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63373"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014889"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18822"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18822"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18822"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014889"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-63373"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18822",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014889",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-63373",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1627",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63373"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014889"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1627"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18822"
          }
        ]
      },
      "id": "VAR-202004-1385",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63373"
          }
        ],
        "trust": 1.072449505
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63373"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:37:25.038000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Vertical Privilege Escalation Vulnerability on Some Fully Managed Switches, PSV-2017-1944",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049043/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1944"
          },
          {
            "title": "Patch for Privilege escalation vulnerabilities in multiple NETGEAR products (CNVD-2021-63373)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/287171"
          },
          {
            "title": "Multiple NETGEAR Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116200"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63373"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014889"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1627"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-269",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014889"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18822"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18822"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049043/security-advisory-for-vertical-privilege-escalation-on-some-fully-managed-switches-psv-2017-1944"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18822"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63373"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014889"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1627"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18822"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63373"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014889"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1627"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18822"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-63373"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014889"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1627"
          },
          {
            "date": "2020-04-20T17:15:12.320000",
            "db": "NVD",
            "id": "CVE-2017-18822"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-63373"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014889"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1627"
          },
          {
            "date": "2024-11-21T03:21:00.603000",
            "db": "NVD",
            "id": "CVE-2017-18822"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Device permission management vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014889"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1627"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1402

    Vulnerability from variot - Updated: 2024-11-23 22:33

    Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1402",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014844"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18839"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014844"
          }
        ]
      },
      "cve": "CVE-2017-18839",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2017-18839",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014844",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2017-18839",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "LOW",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.1,
                "id": "CVE-2017-18839",
                "impactScore": 3.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014844",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18839",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18839",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014844",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-1616",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014844"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1616"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18839"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18839"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18839"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014844"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18839",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014844",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1616",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014844"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1616"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18839"
          }
        ]
      },
      "id": "VAR-202004-1402",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.472449505
      },
      "last_update_date": "2024-11-23T22:33:28.504000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Stored Cross Site Scripting on Some Fully Managed Switches, PSV-2017-2004",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049023/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-2004"
          },
          {
            "title": "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116936"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014844"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1616"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014844"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18839"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049023/security-advisory-for-stored-cross-site-scripting-on-some-fully-managed-switches-psv-2017-2004"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18839"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18839"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014844"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1616"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18839"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014844"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1616"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18839"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014844"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1616"
          },
          {
            "date": "2020-04-20T16:15:13.273000",
            "db": "NVD",
            "id": "CVE-2017-18839"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014844"
          },
          {
            "date": "2020-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1616"
          },
          {
            "date": "2024-11-21T03:21:03.523000",
            "db": "NVD",
            "id": "CVE-2017-18839"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1616"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Cross-site scripting vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014844"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1616"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1391

    Vulnerability from variot - Updated: 2024-11-23 22:29

    Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the lack of correct verification of client data in the WEB application. An attacker can use this vulnerability to execute client code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1391",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-42022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014851"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18828"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014851"
          }
        ]
      },
      "cve": "CVE-2017-18828",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2017-18828",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014851",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2020-42022",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2017-18828",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "LOW",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.1,
                "id": "CVE-2017-18828",
                "impactScore": 3.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014851",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18828",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18828",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014851",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-42022",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-1630",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-42022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014851"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1630"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18828"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18828"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the lack of correct verification of client data in the WEB application. An attacker can use this vulnerability to execute client code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014851"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-42022"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18828",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014851",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-42022",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1630",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-42022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014851"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1630"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18828"
          }
        ]
      },
      "id": "VAR-202004-1391",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-42022"
          }
        ],
        "trust": 1.072449505
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-42022"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:29:39.012000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Stored Cross Site Scripting on Some Fully Managed Switches, PSV -2017-1938",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049033/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1938"
          },
          {
            "title": "Patch for Cross-site scripting vulnerabilities in multiple NETGEAR products (CNVD-2020-42022)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/227037"
          },
          {
            "title": "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116950"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-42022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014851"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1630"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014851"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18828"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18828"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049033/security-advisory-for-stored-cross-site-scripting-on-some-fully-managed-switches-psv-2017-1938"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18828"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-42022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014851"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1630"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18828"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-42022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014851"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1630"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18828"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-42022"
          },
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014851"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1630"
          },
          {
            "date": "2020-04-20T17:15:13.697000",
            "db": "NVD",
            "id": "CVE-2017-18828"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-42022"
          },
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014851"
          },
          {
            "date": "2020-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1630"
          },
          {
            "date": "2024-11-21T03:21:01.607000",
            "db": "NVD",
            "id": "CVE-2017-18828"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1630"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Cross-site scripting vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014851"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1630"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1403

    Vulnerability from variot - Updated: 2024-11-23 22:25

    Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR The device contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR.

    There are security vulnerabilities in many NETGEAR products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1403",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-57169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014845"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18840"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014845"
          }
        ]
      },
      "cve": "CVE-2017-18840",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-18840",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 2.1,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014845",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 1.2,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.9,
                "id": "CNVD-2021-57169",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.5,
                "id": "CVE-2017-18840",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.5,
                "id": "CVE-2017-18840",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.2,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014845",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18840",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18840",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014845",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-57169",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-1615",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-57169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1615"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18840"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18840"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR The device contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18840"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014845"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-57169"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18840",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014845",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-57169",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1615",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-57169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1615"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18840"
          }
        ]
      },
      "id": "VAR-202004-1403",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-57169"
          }
        ],
        "trust": 1.072449505
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-57169"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:25:32.601000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Denial of Service Vulnerability on Some Fully Managed Switches, PSV-2017-2005",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049022/Security-Advisory-for-Denial-of-Service-Vulnerability-on-Some-Fully-Managed-Switches-PSV-2017-2005"
          },
          {
            "title": "Patch for Multiple NETGEAR products input verification error vulnerability (CNVD-2021-57169)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/283636"
          },
          {
            "title": "Multiple NETGEAR Product input verification error vulnerability fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116935"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-57169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1615"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014845"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18840"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18840"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049022/security-advisory-for-denial-of-service-vulnerability-on-some-fully-managed-switches-psv-2017-2005"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18840"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-57169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1615"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18840"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-57169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1615"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18840"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-57169"
          },
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014845"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1615"
          },
          {
            "date": "2020-04-20T16:15:13.337000",
            "db": "NVD",
            "id": "CVE-2017-18840"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-57169"
          },
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014845"
          },
          {
            "date": "2020-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1615"
          },
          {
            "date": "2024-11-21T03:21:03.683000",
            "db": "NVD",
            "id": "CVE-2017-18840"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1615"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Input verification vulnerabilities on devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014845"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1615"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1395

    Vulnerability from variot - Updated: 2024-11-23 22:21

    Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1395",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014853"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18832"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014853"
          }
        ]
      },
      "cve": "CVE-2017-18832",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2017-18832",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014853",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2017-18832",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "LOW",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.1,
                "id": "CVE-2017-18832",
                "impactScore": 3.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014853",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18832",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18832",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014853",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-1639",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014853"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1639"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18832"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18832"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18832"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014853"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18832",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014853",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1639",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014853"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1639"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18832"
          }
        ]
      },
      "id": "VAR-202004-1395",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.472449505
      },
      "last_update_date": "2024-11-23T22:21:12.760000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Stored Cross Site Scripting on Some Fully Managed Switches, PSV-2017-1954",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049030/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1954"
          },
          {
            "title": "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116958"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014853"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1639"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014853"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18832"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049030/security-advisory-for-stored-cross-site-scripting-on-some-fully-managed-switches-psv-2017-1954"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18832"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18832"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014853"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1639"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18832"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014853"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1639"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18832"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014853"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1639"
          },
          {
            "date": "2020-04-20T17:15:14.633000",
            "db": "NVD",
            "id": "CVE-2017-18832"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014853"
          },
          {
            "date": "2020-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1639"
          },
          {
            "date": "2024-11-21T03:21:02.297000",
            "db": "NVD",
            "id": "CVE-2017-18832"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1639"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Cross-site scripting vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014853"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1639"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1389

    Vulnerability from variot - Updated: 2024-11-23 22:16

    Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR.

    There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1389",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014869"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18826"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014869"
          }
        ]
      },
      "cve": "CVE-2017-18826",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-18826",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014869",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2021-63375",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18826",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18826",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014869",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18826",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18826",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014869",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-63375",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014869"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18826"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18826"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18826"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014869"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-63375"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18826",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014869",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-63375",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1633",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1633"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18826"
          }
        ]
      },
      "id": "VAR-202004-1389",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63375"
          }
        ],
        "trust": 1.072449505
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63375"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:16:30.383000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Vertical Privilege Escalation on Some Fully Managed Switches, PSV-2017-1940",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049039/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1940"
          },
          {
            "title": "Patch for NETGEAR Privilege Escalation Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/287151"
          },
          {
            "title": "Multiple NETGEAR Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116210"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1633"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-269",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014869"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18826"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18826"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049039/security-advisory-for-vertical-privilege-escalation-on-some-fully-managed-switches-psv-2017-1940"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18826"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1633"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18826"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-63375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1633"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18826"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-63375"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014869"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1633"
          },
          {
            "date": "2020-04-20T17:15:13.240000",
            "db": "NVD",
            "id": "CVE-2017-18826"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-63375"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014869"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1633"
          },
          {
            "date": "2024-11-21T03:21:01.270000",
            "db": "NVD",
            "id": "CVE-2017-18826"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Device permission management vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014869"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1633"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1397

    Vulnerability from variot - Updated: 2024-11-23 22:11

    Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1397",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014855"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18834"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014855"
          }
        ]
      },
      "cve": "CVE-2017-18834",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-18834",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014855",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-18834",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "LOW",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18834",
                "impactScore": 3.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014855",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18834",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18834",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014855",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-1651",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014855"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1651"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18834"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18834"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18834"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014855"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18834",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014855",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1651",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014855"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1651"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18834"
          }
        ]
      },
      "id": "VAR-202004-1397",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.472449505
      },
      "last_update_date": "2024-11-23T22:11:30.702000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Reflected Cross Site Scripting on Some Fully Managed Switches, PSV-2017-1956",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049028/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1956"
          },
          {
            "title": "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116969"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014855"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1651"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014855"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18834"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049028/security-advisory-for-reflected-cross-site-scripting-on-some-fully-managed-switches-psv-2017-1956"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18834"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18834"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014855"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1651"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18834"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014855"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1651"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18834"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014855"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1651"
          },
          {
            "date": "2020-04-20T17:15:14.930000",
            "db": "NVD",
            "id": "CVE-2017-18834"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014855"
          },
          {
            "date": "2020-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1651"
          },
          {
            "date": "2024-11-21T03:21:02.640000",
            "db": "NVD",
            "id": "CVE-2017-18834"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1651"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Cross-site scripting vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014855"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1651"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1400

    Vulnerability from variot - Updated: 2024-11-23 22:05

    Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR.

    There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1400",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014873"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18837"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014873"
          }
        ]
      },
      "cve": "CVE-2017-18837",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-18837",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014873",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2021-67655",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18837",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18837",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014873",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18837",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18837",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014873",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-67655",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014873"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18837"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18837"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18837"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014873"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67655"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18837",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014873",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67655",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1644",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014873"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1644"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18837"
          }
        ]
      },
      "id": "VAR-202004-1400",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67655"
          }
        ],
        "trust": 1.072449505
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67655"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:40.254000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Vertical Privilege Escalation on Some Fully Managed Switches, PSV-2017-1973",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049025/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1973"
          },
          {
            "title": "Patch for Privilege escalation vulnerabilities in multiple NETGEAR products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/289171"
          },
          {
            "title": "Multiple NETGEAR Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116241"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014873"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1644"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-269",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014873"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18837"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18837"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049025/security-advisory-for-vertical-privilege-escalation-on-some-fully-managed-switches-psv-2017-1973"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18837"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014873"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1644"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18837"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014873"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1644"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18837"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-67655"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014873"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1644"
          },
          {
            "date": "2020-04-20T17:15:15.133000",
            "db": "NVD",
            "id": "CVE-2017-18837"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-67655"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014873"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1644"
          },
          {
            "date": "2024-11-21T03:21:03.163000",
            "db": "NVD",
            "id": "CVE-2017-18837"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Device permission management vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014873"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1644"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1394

    Vulnerability from variot - Updated: 2024-11-23 21:59

    Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1394",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59153"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014852"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18831"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014852"
          }
        ]
      },
      "cve": "CVE-2017-18831",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2017-18831",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014852",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2021-59153",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2017-18831",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18831",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014852",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18831",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18831",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014852",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-59153",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-1637",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59153"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014852"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1637"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18831"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18831"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18831"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014852"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-59153"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18831",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014852",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-59153",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1637",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59153"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014852"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1637"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18831"
          }
        ]
      },
      "id": "VAR-202004-1394",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59153"
          }
        ],
        "trust": 1.072449505
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59153"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:59:20.421000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Vertical Privilege Escalation on Some Fully Managed Switches, PSV-2017-1952",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049031/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1952"
          },
          {
            "title": "Patch for Cross-site scripting vulnerabilities in multiple NETGEAR products (CNVD-2021-59153)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/284401"
          },
          {
            "title": "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116956"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59153"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014852"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1637"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014852"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18831"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18831"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049031/security-advisory-for-vertical-privilege-escalation-on-some-fully-managed-switches-psv-2017-1952"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18831"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59153"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014852"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1637"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18831"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59153"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014852"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1637"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18831"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-59153"
          },
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014852"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1637"
          },
          {
            "date": "2020-04-20T17:15:14.397000",
            "db": "NVD",
            "id": "CVE-2017-18831"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-59153"
          },
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014852"
          },
          {
            "date": "2020-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1637"
          },
          {
            "date": "2024-11-21T03:21:02.130000",
            "db": "NVD",
            "id": "CVE-2017-18831"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1637"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Cross-site scripting vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014852"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1637"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1398

    Vulnerability from variot - Updated: 2024-11-23 21:51

    Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1398",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014856"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18835"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014856"
          }
        ]
      },
      "cve": "CVE-2017-18835",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-18835",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014856",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-18835",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "LOW",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18835",
                "impactScore": 3.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014856",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18835",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18835",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014856",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-1647",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014856"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1647"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18835"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18835"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18835"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014856"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18835",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014856",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1647",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014856"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1647"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18835"
          }
        ]
      },
      "id": "VAR-202004-1398",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.472449505
      },
      "last_update_date": "2024-11-23T21:51:30.905000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Reflected Cross Site Scripting on Some Fully Managed Switches, PSV-2017-1957",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049027/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1957"
          },
          {
            "title": "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116966"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014856"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1647"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014856"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18835"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049027/security-advisory-for-reflected-cross-site-scripting-on-some-fully-managed-switches-psv-2017-1957"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18835"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18835"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014856"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1647"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18835"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014856"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1647"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18835"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014856"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1647"
          },
          {
            "date": "2020-04-20T17:15:15.007000",
            "db": "NVD",
            "id": "CVE-2017-18835"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014856"
          },
          {
            "date": "2020-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1647"
          },
          {
            "date": "2024-11-21T03:21:02.810000",
            "db": "NVD",
            "id": "CVE-2017-18835"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1647"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Cross-site scripting vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014856"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1647"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1401

    Vulnerability from variot - Updated: 2024-11-23 21:35

    Certain NETGEAR devices are affected by privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR.

    There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1401",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "m4300-28g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-8x8f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe\\+",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-12x12f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-24x24f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-48x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": null,
            "trust": 0.8,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "m4300-8x8f",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-28g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          },
          {
            "model": "m4300-52g-poe+",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "12.0.2.15"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67654"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014843"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18838"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014843"
          }
        ]
      },
      "cve": "CVE-2017-18838",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-18838",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014843",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2021-67654",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18838",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18838",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014843",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18838",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18838",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014843",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-67654",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-1617",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67654"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014843"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1617"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18838"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18838"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A vulnerability exists in the device regarding permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to elevate permissions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18838"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014843"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67654"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18838",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014843",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67654",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1617",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67654"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014843"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1617"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18838"
          }
        ]
      },
      "id": "VAR-202004-1401",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67654"
          }
        ],
        "trust": 1.072449505
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67654"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:53.626000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Vertical Privilege Escalation on Some Fully Managed Switches, PSV-2017-1975",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049024/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1975"
          },
          {
            "title": "Patch for Privilege escalation vulnerabilities in multiple NETGEAR products (CNVD-2021-67654)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/289191"
          },
          {
            "title": "Multiple NETGEAR Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116937"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67654"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014843"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1617"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-269",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014843"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18838"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18838"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049024/security-advisory-for-vertical-privilege-escalation-on-some-fully-managed-switches-psv-2017-1975"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18838"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67654"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014843"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1617"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18838"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67654"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014843"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1617"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18838"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-67654"
          },
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014843"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1617"
          },
          {
            "date": "2020-04-20T16:15:13.227000",
            "db": "NVD",
            "id": "CVE-2017-18838"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-67654"
          },
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014843"
          },
          {
            "date": "2020-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1617"
          },
          {
            "date": "2024-11-21T03:21:03.343000",
            "db": "NVD",
            "id": "CVE-2017-18838"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1617"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Device permission management vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014843"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1617"
          }
        ],
        "trust": 0.6
      }
    }