CVSS: 10.0EPSS: 0%CPEs: 20EXPL: 0CVE-2017-18858
https://notcve.org/view.php?id=CVE-2017-18858
Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier. Determinados dispositivos de NETGEAR están afectados por una ejecución de comandos. Esto afecta a M4200-10MG-POE+ versiones 12.0.2.11 y anteriores, M4300-28G versiones 12.0.2.11 y anteriores, M4300-52G versiones 12.0.2.11 y anteriores, M4300-28G-POE+ versiones 12.0.2.11 y anteriores, M4300-52G-POE+ versiones 12.0.2.11 y anteriores, M4300-8X8F versiones 12.0.2.11 y anteriores, M4300-12X12F versiones 12.0.2.11 y anteriores, M4300-24X24F versiones 12.0.2.11 y anteriores, M4300-24X versiones 12.0.2.11 y anteriores, y M4300-48X versiones 12.0.2.11 y anteriores. • https://kb.netgear.com/000038655/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-M4200-and-M4300-PSV-2017-1971 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.2EPSS: 0%CPEs: 20EXPL: 0CVE-2017-18821
https://notcve.org/view.php?id=CVE-2017-18821
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Determinados dispositivos NETGEAR, están afectados por una vulnerabilidad de tipo XSS almacenado. Esto afecta a M4300-28G versiones anteriores a la versión 12.0.2.15, M4300-52G versiones anteriores a la versión 12.0.2.15, M4300-28G-POE+ versiones anteriores a la versión 12.0.2.15, M4300-52G-POE+ versiones anteriores a 12.0.2.15, M4300-8X8F versiones anteriores a 12. 0.2.15, M4300-12X12F versiones anteriores a 12.0.2.15, M4300-24X24F versiones anteriores a 12.0.2.15, M4300-24X versiones anteriores a 12.0.2.15, M4300-48X versiones anteriores a 12.0.2.15, y M4200 versiones anteriores a 12.0.2.15. • https://kb.netgear.com/000049044/Security-Advisory-for-Store-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1948 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-18822
https://notcve.org/view.php?id=CVE-2017-18822
Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Determinados dispositivos NETGEAR, están afectados por una escalada de privilegios vertical. Esto afecta a M4300-28G versiones anteriores a 12.0.2.15, M4300-52G versiones anteriores a 12.0.2.15, M4300-28G-POE+ versiones anteriores a 12.0.2.15, M4300-52G-POE+ versiones anteriores a 12.0.2.15, M4300-8X8F versiones anteriores a 12. 0.2.15, M4300-12X12F versiones anteriores a 12.0.2.15, M4300-24X24F versiones anteriores a 12.0.2.15, M4300-24X versiones anteriores a 12.0.2.15, M4300-48X versiones anteriores a 12.0.2.15, y M4200 versiones anteriores a 12.0.2.15. • https://kb.netgear.com/000049043/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1944 • CWE-269: Improper Privilege Management •
CVSS: 7.7EPSS: 0%CPEs: 20EXPL: 0CVE-2017-18823
https://notcve.org/view.php?id=CVE-2017-18823
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Determinados dispositivos NETGEAR, están afectados por una configuración incorrecta de los ajustes de seguridad. Esto afecta a M4300-28G versiones anteriores a 12.0.2.15, M4300-52G versiones anteriores a 12.0.2.15, M4300-28G-POE+ versiones anteriores a 12.0.2.15, M4300-52G-POE+ versiones anteriores a 12.0.2.15, M4300-8X8F versiones anteriores a 12. 0.2.15, M4300-12X12F versiones anteriores a 12.0.2.15, M4300-24X24F versiones anteriores a 12.0.2.15, M4300-24X versiones anteriores a 12.0.2.15, M4300-48X versiones anteriores a 12.0.2.15, y M4200 versiones anteriores a 12.0.2.15. • https://kb.netgear.com/000049042/Security-Advisory-for-Security-Misconfiguration-on-Some-Fully-Managed-Switches-PSV-2017-1943 •
CVSS: 4.0EPSS: 0%CPEs: 20EXPL: 0CVE-2017-18824
https://notcve.org/view.php?id=CVE-2017-18824
Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. Determinados dispositivos NETGEAR, están afectados por un salto de directorio. Esto afecta a M4300-28G versiones anteriores a 12.0.2.15, M4300-52G versiones anteriores a 12.0.2.15, M4300-28G-POE+ versiones anteriores a 12.0.2.15, M4300-52G-POE+ versiones anteriores a 12.0.2.15, M4300-8X8F versiones anteriores a 12. 0.2.15, M4300-12X12F versiones anteriores a 12.0.2.15, M4300-24X24F versiones anteriores a 12.0.2.15, M4300-24X versiones anteriores a 12.0.2.15, M4300-48X versiones anteriores a 12.0.2.15, y M4200 versiones anteriores a 12.0.2.15. • https://kb.netgear.com/000049041/Security-Advisory-for-Directory-Traversal-on-Some-Fully-Managed-Switches-PSV-2017-1942 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •