Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-18715

Certain NETGEAR devices are affected by reflected XSS. This affects EX3700 before 1.0.0.66, EX3800 before 1.0.0.66, EX6100 before 1.0.2.20, EX6120 before 1.0.0.34, EX6150 before 1.0.0.36, EX6200 before 1.0.3.84, and EX7000 before 1.0.0.60.

Published

2020-04-24T14:15:13.060

Last Modified

2024-11-21T03:20:44.233

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	ex3700_firmware	< 1.0.0.66	Yes
Hardware	netgear	ex3700	-	No
Operating System	netgear	ex3800_firmware	< 1.0.0.66	Yes
Hardware	netgear	ex3800	-	No
Operating System	netgear	ex6100_firmware	< 1.0.2.20	Yes
Hardware	netgear	ex6100	-	No
Operating System	netgear	ex6120_firmware	< 1.0.0.34	Yes
Hardware	netgear	ex6120	-	No
Operating System	netgear	ex6150_firmware	< 1.0.0.36	Yes
Hardware	netgear	ex6150	-	No
Operating System	netgear	ex6200_firmware	< 1.0.3.84	Yes
Hardware	netgear	ex6200	-	No
Operating System	netgear	ex7000_firmware	< 1.0.0.60	Yes
Hardware	netgear	ex7000	-	No

References

https://kb.netgear.com/000053133/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Extenders-PSV-2016-0075 Vendor Advisory ([email protected])
https://kb.netgear.com/000053133/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Extenders-PSV-2016-0075 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)