PT-2020-8369 · NetGear · M4300-24X+9

Published

2020-04-20

·

Updated

2020-04-23

·

CVE-2017-18822

CVSS v3.1

7.8

High

VectorAC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N
Name of the Vulnerable Software and Affected Versions: M4300-28G versions prior to 12.0.2.15 M4300-52G versions prior to 12.0.2.15 M4300-28G-POE+ versions prior to 12.0.2.15 M4300-52G-POE+ versions prior to 12.0.2.15 M4300-8X8F versions prior to 12.0.2.15 M4300-12X12F versions prior to 12.0.2.15 M4300-24X24F versions prior to 12.0.2.15 M4300-24X versions prior to 12.0.2.15 M4300-48X versions prior to 12.0.2.15 M4200 versions prior to 12.0.2.15
Description: Certain NETGEAR devices are affected by vertical privilege escalation.
Recommendations: For M4300-28G versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4300-52G versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4300-28G-POE+ versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4300-52G-POE+ versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4300-8X8F versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4300-12X12F versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4300-24X24F versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4300-24X versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4300-48X versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4200 versions prior to 12.0.2.15, update to version 12.0.2.15 or later.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2017-18822

Affected Products

M4200
M4300-12X12F
M4300-24X
M4300-24X24F
M4300-28G
M4300-28G-Poe+
M4300-48X
M4300-52G
M4300-52G-Poe+
M4300-8X8F