CVE-2017-18823

moderate-risk

Published 2020-04-20

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (10)

M4300-28G Firmware

M4300-52G Firmware

M4300-28G-Poe\+ Firmware

M4300-52G-Poe\+ Firmware

M4300-8X8F Firmware

M4300-12X12F Firmware

M4300-24X24F Firmware

M4300-24X Firmware

M4300-48X Firmware

M4200 Firmware

Affected Vendors

Netgear

References (2)

Vendor Advisory https://kb.netgear.com/000049042/Security-Advisory-for-Security-Misconfiguration...

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 16/34 · Moderate