CVE-2017-18860
https://notcve.org/view.php?id=CVE-2017-18860
Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier. Determinados dispositivos NETGEAR están afectados por una ejecución de comandos de depuración. Esto afecta a FS752TP versiones 5.4.2.19 y anteriores, GS108Tv2 versiones 5.4.2.29 y anteriores, GS110TP versiones 5.4.2.29 y anteriores, GS418TPP versiones 6.6.2.6 y anteriores, GS510TLP versiones 6.6.2.6 y anteriores, GS510TP versiones 5.04.2.27 y anteriores, GS510TPP versiones 6.6.2.6 y anteriores, GS716Tv2 versiones 5.4.2.27 y anteriores, GS716Tv3 versiones 6.3.1.16 y anteriores, GS724Tv3 versiones 5.4.2.27 y anteriores, GS724Tv4 versiones 6.3.1.16 y anteriores, GS728TPSB versiones 5.3.0.29 y anteriores, GS728TSB versiones 5.3.0.29 y anteriores, GS728TXS versiones 6.1.0. 35 y anteriores, GS748Tv4 versiones 5.4.2.27 y anteriores, GS748Tv5 versiones 6.3.1.16 y anteriores, GS752TPSB versiones 5.3.0.29 y anteriores, GS752TSB versiones 5.3.0.29 y anteriores, GS752TXS versiones 6.1.0.35 y anteriores, M4200 versiones 12.0.2.10 y anteriores, M4300 versiones 12.0.2. 10 y anteriores, M5300 versiones 11.0.0.28 y anteriores, M6100 versiones 11.0.0.28 y anteriores, M7100 versiones 11.0.0.28 y anteriores, S3300 versiones 6.6.1.4 y anteriores, XS708T versiones 6.6.0.11 y anteriores, XS712T versiones 6.1.0.34 y anteriores, y XS716T versiones 6.6.0.11 y anteriores. • https://kb.netgear.com/000038519/Security-Advisory-for-Authentication-Bypass-and-Remote-Command-Execution-on-Some-Smart-and-Managed-Switches-PSV-2017-0857 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2017-18821
https://notcve.org/view.php?id=CVE-2017-18821
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Determinados dispositivos NETGEAR, están afectados por una vulnerabilidad de tipo XSS almacenado. Esto afecta a M4300-28G versiones anteriores a la versión 12.0.2.15, M4300-52G versiones anteriores a la versión 12.0.2.15, M4300-28G-POE+ versiones anteriores a la versión 12.0.2.15, M4300-52G-POE+ versiones anteriores a 12.0.2.15, M4300-8X8F versiones anteriores a 12. 0.2.15, M4300-12X12F versiones anteriores a 12.0.2.15, M4300-24X24F versiones anteriores a 12.0.2.15, M4300-24X versiones anteriores a 12.0.2.15, M4300-48X versiones anteriores a 12.0.2.15, y M4200 versiones anteriores a 12.0.2.15. • https://kb.netgear.com/000049044/Security-Advisory-for-Store-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1948 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-18822
https://notcve.org/view.php?id=CVE-2017-18822
Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Determinados dispositivos NETGEAR, están afectados por una escalada de privilegios vertical. Esto afecta a M4300-28G versiones anteriores a 12.0.2.15, M4300-52G versiones anteriores a 12.0.2.15, M4300-28G-POE+ versiones anteriores a 12.0.2.15, M4300-52G-POE+ versiones anteriores a 12.0.2.15, M4300-8X8F versiones anteriores a 12. 0.2.15, M4300-12X12F versiones anteriores a 12.0.2.15, M4300-24X24F versiones anteriores a 12.0.2.15, M4300-24X versiones anteriores a 12.0.2.15, M4300-48X versiones anteriores a 12.0.2.15, y M4200 versiones anteriores a 12.0.2.15. • https://kb.netgear.com/000049043/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1944 • CWE-269: Improper Privilege Management •
CVE-2017-18823
https://notcve.org/view.php?id=CVE-2017-18823
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Determinados dispositivos NETGEAR, están afectados por una configuración incorrecta de los ajustes de seguridad. Esto afecta a M4300-28G versiones anteriores a 12.0.2.15, M4300-52G versiones anteriores a 12.0.2.15, M4300-28G-POE+ versiones anteriores a 12.0.2.15, M4300-52G-POE+ versiones anteriores a 12.0.2.15, M4300-8X8F versiones anteriores a 12. 0.2.15, M4300-12X12F versiones anteriores a 12.0.2.15, M4300-24X24F versiones anteriores a 12.0.2.15, M4300-24X versiones anteriores a 12.0.2.15, M4300-48X versiones anteriores a 12.0.2.15, y M4200 versiones anteriores a 12.0.2.15. • https://kb.netgear.com/000049042/Security-Advisory-for-Security-Misconfiguration-on-Some-Fully-Managed-Switches-PSV-2017-1943 •
CVE-2017-18824
https://notcve.org/view.php?id=CVE-2017-18824
Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Determinados dispositivos NETGEAR, están afectados por un salto de directorio. Esto afecta a M4300-28G versiones anteriores a 12.0.2.15, M4300-52G versiones anteriores a 12.0.2.15, M4300-28G-POE+ versiones anteriores a 12.0.2.15, M4300-52G-POE+ versiones anteriores a 12.0.2.15, M4300-8X8F versiones anteriores a 12. 0.2.15, M4300-12X12F versiones anteriores a 12.0.2.15, M4300-24X24F versiones anteriores a 12.0.2.15, M4300-24X versiones anteriores a 12.0.2.15, M4300-48X versiones anteriores a 12.0.2.15, y M4200 versiones anteriores a 12.0.2.15. • https://kb.netgear.com/000049041/Security-Advisory-for-Directory-Traversal-on-Some-Fully-Managed-Switches-PSV-2017-1942 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •