CVE-2017-18858 — CRITICAL (9.8)

Q: How severe is CVE-2017-18858?

CVE-2017-18858 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2017-18858?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear M4200-10Mg-Poe\+ Firmware, Netgear M4200-10Mg-Poe\+, Netgear M4300-28G Firmware, Netgear M4300-28G, Netgear M4300-52G Firmware.

Vulnerability Description

Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	M4200-10Mg-Poe\+ Firmware	<= 12.0.2.11
Netgear	M4200-10Mg-Poe\+	-
Netgear	M4300-28G Firmware	<= 12.0.2.11
Netgear	M4300-28G	-
Netgear	M4300-52G Firmware	<= 12.0.2.11
Netgear	M4300-52G	-
Netgear	M4300-28G-Poe\+ Firmware	<= 12.0.2.11
Netgear	M4300-28G-Poe\+	-
Netgear	M4300-52G-Poe\+ Firmware	<= 12.0.2.11
Netgear	M4300-52G-Poe\+	-
Netgear	M4300-8X8F Firmware	<= 12.0.2.11
Netgear	M4300-8X8F	-
Netgear	M4300-12X12F Firmware	<= 12.0.2.11
Netgear	M4300-12X12F	-
Netgear	M4300-24X24F Firmware	<= 12.0.2.11
Netgear	M4300-24X24F	-
Netgear	M4300-24X Firmware	<= 12.0.2.11
Netgear	M4300-24X	-
Netgear	M4300-48X Firmware	<= 12.0.2.11
Netgear	M4300-48X	-

Related Weaknesses (CWE)

CWE-78

References

https://kb.netgear.com/000038655/Security-Advisory-for-Unauthenticated-Remote-CoVendor Advisory
https://kb.netgear.com/000038655/Security-Advisory-for-Unauthenticated-Remote-CoVendor Advisory

FAQ

What is CVE-2017-18858?

CVE-2017-18858 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.1...

How severe is CVE-2017-18858?

CVE-2017-18858 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-18858?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear M4200-10Mg-Poe\+ Firmware, Netgear M4200-10Mg-Poe\+, Netgear M4300-28G Firmware, Netgear M4300-28G, Netgear M4300-52G Firmware.