PT-2020-8384 · NetGear · Netgear M4300-24X+9

Published

2020-04-20

·

Updated

2020-04-23

·

CVE-2017-18837

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: NETGEAR M4300-28G versions prior to 12.0.2.15 NETGEAR M4300-52G versions prior to 12.0.2.15 NETGEAR M4300-28G-POE+ versions prior to 12.0.2.15 NETGEAR M4300-52G-POE+ versions prior to 12.0.2.15 NETGEAR M4300-8X8F versions prior to 12.0.2.15 NETGEAR M4300-12X12F versions prior to 12.0.2.15 NETGEAR M4300-24X24F versions prior to 12.0.2.15 NETGEAR M4300-24X versions prior to 12.0.2.15 NETGEAR M4300-48X versions prior to 12.0.2.15 NETGEAR M4200 versions prior to 12.0.2.15
Description: The issue is related to vertical privilege escalation, affecting certain NETGEAR devices.
Recommendations: For NETGEAR M4300-28G versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For NETGEAR M4300-52G versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For NETGEAR M4300-28G-POE+ versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For NETGEAR M4300-52G-POE+ versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For NETGEAR M4300-8X8F versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For NETGEAR M4300-12X12F versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For NETGEAR M4300-24X24F versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For NETGEAR M4300-24X versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For NETGEAR M4300-48X versions prior to 12.0.2.15, update to version 12.0.2.15 or later. For NETGEAR M4200 versions prior to 12.0.2.15, update to version 12.0.2.15 or later.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2017-18837

Affected Products

Netgear M4200
Netgear M4300-12X12F
Netgear M4300-24X
Netgear M4300-24X24F
Netgear M4300-28G
Netgear M4300-28G-Poe+
Netgear M4300-48X
Netgear M4300-52G
Netgear M4300-52G-Poe+
Netgear M4300-8X8F