PT-2020-8375 · NetGear · M4300-24X+9

Published

2020-04-20

Updated

2020-04-22

CVE-2017-18828

CVSS v3.1

5.2

Medium

Vector

AC:L/AV:L/A:L/C:L/I:L/PR:H/S:C/UI:R

Name of the Vulnerable Software and Affected Versions: M4300-28G versions prior to 12.0.2.15 M4300-52G versions prior to 12.0.2.15 M4300-28G-POE+ versions prior to 12.0.2.15 M4300-52G-POE+ versions prior to 12.0.2.15 M4300-8X8F versions prior to 12.0.2.15 M4300-12X12F versions prior to 12.0.2.15 M4300-24X24F versions prior to 12.0.2.15 M4300-24X versions prior to 12.0.2.15 M4300-48X versions prior to 12.0.2.15 M4200 versions prior to 12.0.2.15

Description: Certain NETGEAR devices are affected by stored XSS.

Recommendations: For M4300-28G versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4300-52G versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4300-28G-POE+ versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4300-52G-POE+ versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4300-8X8F versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4300-12X12F versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4300-24X24F versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4300-24X versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4300-48X versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For M4200 versions prior to 12.0.2.15, update to version 12.0.2.15 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-18828

Affected Products

M4200

M4300-12X12F

M4300-24X

M4300-24X24F

M4300-28G

M4300-28G-Poe+

M4300-48X

M4300-52G

M4300-52G-Poe+

M4300-8X8F

PT-2020-8375 · NetGear · M4300-24X+9

CVE-2017-18828

Weakness Enumeration

Related Identifiers

Affected Products

References · 5