CVE-2017-18862

moderate-risk
Published 2020-04-28

Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11.

Do I need to act?

-
0.10% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
ADJACENT_NETWORK / LOW complexity

Affected Products (12)

Jgs524E Firmware
Jgs524Pe Firmware
Gs105E Firmware
Gs105Pe Firmware
Gs108E Firmware
Gs108Pe Firmware
Gs116E Firmware
Gss108E Firmware
Gss116E Firmware
Xs708E Firmware
Xs716E Firmware

Affected Vendors

Netgear

References (2)

Vendor Advisory https://kb.netgear.com/000037849/Security-Advisory-for-Authentication-Bypass-on-...
Vendor Advisory https://kb.netgear.com/000037849/Security-Advisory-for-Authentication-Bypass-on-...
38
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 17/34 · Moderate