VAR-202004-1394
Vulnerability from variot - Updated: 2024-11-23 21:59Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1394",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "m4300-28g",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-52g",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-8x8f",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-12x12f",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-24x24f",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-24x",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-48x",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4200",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-28g-poe\\+",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-52g-poe\\+",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4200",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-12x12f",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-24x",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-24x24f",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-28g",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-28g-poe+",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-48x",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-52g",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-52g-poe+",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-8x8f",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-28g-poe+",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "12.0.2.15"
},
{
"model": "m4300-52g-poe+",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "12.0.2.15"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014852"
},
{
"db": "NVD",
"id": "CVE-2017-18831"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:m4200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014852"
}
]
},
"cve": "CVE-2017-18831",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2017-18831",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-014852",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2021-59153",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2017-18831",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-18831",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-014852",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18831",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2017-18831",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2017-014852",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-59153",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1637",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014852"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1637"
},
{
"db": "NVD",
"id": "CVE-2017-18831"
},
{
"db": "NVD",
"id": "CVE-2017-18831"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18831"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014852"
},
{
"db": "CNVD",
"id": "CNVD-2021-59153"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18831",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014852",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-59153",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1637",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014852"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1637"
},
{
"db": "NVD",
"id": "CVE-2017-18831"
}
]
},
"id": "VAR-202004-1394",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59153"
}
],
"trust": 1.072449505
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59153"
}
]
},
"last_update_date": "2024-11-23T21:59:20.421000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Vertical Privilege Escalation on Some Fully Managed Switches, PSV-2017-1952",
"trust": 0.8,
"url": "https://kb.netgear.com/000049031/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1952"
},
{
"title": "Patch for Cross-site scripting vulnerabilities in multiple NETGEAR products (CNVD-2021-59153)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/284401"
},
{
"title": "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116956"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014852"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1637"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014852"
},
{
"db": "NVD",
"id": "CVE-2017-18831"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18831"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000049031/security-advisory-for-vertical-privilege-escalation-on-some-fully-managed-switches-psv-2017-1952"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18831"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014852"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1637"
},
{
"db": "NVD",
"id": "CVE-2017-18831"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-59153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014852"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1637"
},
{
"db": "NVD",
"id": "CVE-2017-18831"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-59153"
},
{
"date": "2020-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014852"
},
{
"date": "2020-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1637"
},
{
"date": "2020-04-20T17:15:14.397000",
"db": "NVD",
"id": "CVE-2017-18831"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-59153"
},
{
"date": "2020-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014852"
},
{
"date": "2020-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1637"
},
{
"date": "2024-11-21T03:21:02.130000",
"db": "NVD",
"id": "CVE-2017-18831"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1637"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Cross-site scripting vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014852"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1637"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…