VAR-202004-1387
Vulnerability from variot - Updated: 2024-11-23 22:44Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A path traversal vulnerability exists in the device.Information may be obtained. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the failure of network systems or products to properly filter resources or special elements in file paths. Attackers can use this vulnerability to access locations outside of the restricted directory
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1387",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "m4300-28g",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-52g",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-8x8f",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-12x12f",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-24x24f",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-24x",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-48x",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4200",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-28g-poe\\+",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-52g-poe\\+",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4200",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-12x12f",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-24x",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-24x24f",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-28g",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-28g-poe+",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-48x",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-52g",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-52g-poe+",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-8x8f",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-28g-poe+",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-52g-poe+",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "12.0.2.15"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-63374"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014868"
},
{
"db": "NVD",
"id": "CVE-2017-18824"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:m4200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014868"
}
]
},
"cve": "CVE-2017-18824",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-18824",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-014868",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2021-63374",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2017-18824",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.5,
"id": "CVE-2017-18824",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-014868",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18824",
"trust": 1.0,
"value": "LOW"
},
{
"author": "cve@mitre.org",
"id": "CVE-2017-18824",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2017-014868",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2021-63374",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-63374"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014868"
},
{
"db": "NVD",
"id": "CVE-2017-18824"
},
{
"db": "NVD",
"id": "CVE-2017-18824"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A path traversal vulnerability exists in the device.Information may be obtained. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the failure of network systems or products to properly filter resources or special elements in file paths. Attackers can use this vulnerability to access locations outside of the restricted directory",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18824"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014868"
},
{
"db": "CNVD",
"id": "CNVD-2021-63374"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18824",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014868",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-63374",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1629",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-63374"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014868"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1629"
},
{
"db": "NVD",
"id": "CVE-2017-18824"
}
]
},
"id": "VAR-202004-1387",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-63374"
}
],
"trust": 1.072449505
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-63374"
}
]
},
"last_update_date": "2024-11-23T22:44:36.337000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Directory Traversal on Some Fully Managed Switches, PSV-2017-1942",
"trust": 0.8,
"url": "https://kb.netgear.com/000049041/Security-Advisory-for-Directory-Traversal-on-Some-Fully-Managed-Switches-PSV-2017-1942"
},
{
"title": "Patch for Path traversal vulnerabilities in multiple NETGEAR products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/287156"
},
{
"title": "Multiple NETGEAR Product path traversal vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116202"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-63374"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014868"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1629"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014868"
},
{
"db": "NVD",
"id": "CVE-2017-18824"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18824"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000049041/security-advisory-for-directory-traversal-on-some-fully-managed-switches-psv-2017-1942"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18824"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-63374"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014868"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1629"
},
{
"db": "NVD",
"id": "CVE-2017-18824"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-63374"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014868"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1629"
},
{
"db": "NVD",
"id": "CVE-2017-18824"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-63374"
},
{
"date": "2020-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014868"
},
{
"date": "2020-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1629"
},
{
"date": "2020-04-20T17:15:12.787000",
"db": "NVD",
"id": "CVE-2017-18824"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-63374"
},
{
"date": "2020-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014868"
},
{
"date": "2020-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1629"
},
{
"date": "2024-11-21T03:21:00.933000",
"db": "NVD",
"id": "CVE-2017-18824"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Path traversal vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014868"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1629"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…