CVE-2017-18828

moderate-risk

Published 2020-04-20

Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

Do I need to act?

0.19% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.8/10 Medium

NETWORK / LOW complexity

Affected Products (10)

M4300-28G Firmware

M4300-52G Firmware

M4300-28G-Poe\+ Firmware

M4300-52G-Poe\+ Firmware

M4300-8X8F Firmware

M4300-12X12F Firmware

M4300-24X24F Firmware

M4300-24X Firmware

M4300-48X Firmware

M4200 Firmware

Affected Vendors

Netgear

References (2)

Vendor Advisory https://kb.netgear.com/000049033/Security-Advisory-for-Stored-Cross-Site-Scripti...

/ 100

moderate-risk

Severity 19/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 16/34 · Moderate