CVSS: 7.7EPSS: 0%CPEs: 56EXPL: 0CVE-2017-18860
https://notcve.org/view.php?id=CVE-2017-18860
Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier. Determinados dispositivos NETGEAR están afectados por una ejecución de comandos de depuración. Esto afecta a FS752TP versiones 5.4.2.19 y anteriores, GS108Tv2 versiones 5.4.2.29 y anteriores, GS110TP versiones 5.4.2.29 y anteriores, GS418TPP versiones 6.6.2.6 y anteriores, GS510TLP versiones 6.6.2.6 y anteriores, GS510TP versiones 5.04.2.27 y anteriores, GS510TPP versiones 6.6.2.6 y anteriores, GS716Tv2 versiones 5.4.2.27 y anteriores, GS716Tv3 versiones 6.3.1.16 y anteriores, GS724Tv3 versiones 5.4.2.27 y anteriores, GS724Tv4 versiones 6.3.1.16 y anteriores, GS728TPSB versiones 5.3.0.29 y anteriores, GS728TSB versiones 5.3.0.29 y anteriores, GS728TXS versiones 6.1.0. 35 y anteriores, GS748Tv4 versiones 5.4.2.27 y anteriores, GS748Tv5 versiones 6.3.1.16 y anteriores, GS752TPSB versiones 5.3.0.29 y anteriores, GS752TSB versiones 5.3.0.29 y anteriores, GS752TXS versiones 6.1.0.35 y anteriores, M4200 versiones 12.0.2.10 y anteriores, M4300 versiones 12.0.2. 10 y anteriores, M5300 versiones 11.0.0.28 y anteriores, M6100 versiones 11.0.0.28 y anteriores, M7100 versiones 11.0.0.28 y anteriores, S3300 versiones 6.6.1.4 y anteriores, XS708T versiones 6.6.0.11 y anteriores, XS712T versiones 6.1.0.34 y anteriores, y XS716T versiones 6.6.0.11 y anteriores. • https://kb.netgear.com/000038519/Security-Advisory-for-Authentication-Bypass-and-Remote-Command-Execution-on-Some-Smart-and-Managed-Switches-PSV-2017-0857 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 20EXPL: 0CVE-2017-18858
https://notcve.org/view.php?id=CVE-2017-18858
Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier. Determinados dispositivos de NETGEAR están afectados por una ejecución de comandos. Esto afecta a M4200-10MG-POE+ versiones 12.0.2.11 y anteriores, M4300-28G versiones 12.0.2.11 y anteriores, M4300-52G versiones 12.0.2.11 y anteriores, M4300-28G-POE+ versiones 12.0.2.11 y anteriores, M4300-52G-POE+ versiones 12.0.2.11 y anteriores, M4300-8X8F versiones 12.0.2.11 y anteriores, M4300-12X12F versiones 12.0.2.11 y anteriores, M4300-24X24F versiones 12.0.2.11 y anteriores, M4300-24X versiones 12.0.2.11 y anteriores, y M4300-48X versiones 12.0.2.11 y anteriores. • https://kb.netgear.com/000038655/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-M4200-and-M4300-PSV-2017-1971 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.2EPSS: 0%CPEs: 20EXPL: 0CVE-2017-18821
https://notcve.org/view.php?id=CVE-2017-18821
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Determinados dispositivos NETGEAR, están afectados por una vulnerabilidad de tipo XSS almacenado. Esto afecta a M4300-28G versiones anteriores a la versión 12.0.2.15, M4300-52G versiones anteriores a la versión 12.0.2.15, M4300-28G-POE+ versiones anteriores a la versión 12.0.2.15, M4300-52G-POE+ versiones anteriores a 12.0.2.15, M4300-8X8F versiones anteriores a 12. 0.2.15, M4300-12X12F versiones anteriores a 12.0.2.15, M4300-24X24F versiones anteriores a 12.0.2.15, M4300-24X versiones anteriores a 12.0.2.15, M4300-48X versiones anteriores a 12.0.2.15, y M4200 versiones anteriores a 12.0.2.15. • https://kb.netgear.com/000049044/Security-Advisory-for-Store-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1948 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-18822
https://notcve.org/view.php?id=CVE-2017-18822
Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Determinados dispositivos NETGEAR, están afectados por una escalada de privilegios vertical. Esto afecta a M4300-28G versiones anteriores a 12.0.2.15, M4300-52G versiones anteriores a 12.0.2.15, M4300-28G-POE+ versiones anteriores a 12.0.2.15, M4300-52G-POE+ versiones anteriores a 12.0.2.15, M4300-8X8F versiones anteriores a 12. 0.2.15, M4300-12X12F versiones anteriores a 12.0.2.15, M4300-24X24F versiones anteriores a 12.0.2.15, M4300-24X versiones anteriores a 12.0.2.15, M4300-48X versiones anteriores a 12.0.2.15, y M4200 versiones anteriores a 12.0.2.15. • https://kb.netgear.com/000049043/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1944 • CWE-269: Improper Privilege Management •
CVSS: 7.7EPSS: 0%CPEs: 20EXPL: 0CVE-2017-18823
https://notcve.org/view.php?id=CVE-2017-18823
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Determinados dispositivos NETGEAR, están afectados por una configuración incorrecta de los ajustes de seguridad. Esto afecta a M4300-28G versiones anteriores a 12.0.2.15, M4300-52G versiones anteriores a 12.0.2.15, M4300-28G-POE+ versiones anteriores a 12.0.2.15, M4300-52G-POE+ versiones anteriores a 12.0.2.15, M4300-8X8F versiones anteriores a 12. 0.2.15, M4300-12X12F versiones anteriores a 12.0.2.15, M4300-24X24F versiones anteriores a 12.0.2.15, M4300-24X versiones anteriores a 12.0.2.15, M4300-48X versiones anteriores a 12.0.2.15, y M4200 versiones anteriores a 12.0.2.15. • https://kb.netgear.com/000049042/Security-Advisory-for-Security-Misconfiguration-on-Some-Fully-Managed-Switches-PSV-2017-1943 •