VYPR
Unrated severity · NVD Advisory · Published Apr 24, 2020 · Updated Aug 5, 2024

CVE-2017-18715

Description

Certain NETGEAR devices are affected by reflected XSS. This affects EX3700 before 1.0.0.66, EX3800 before 1.0.0.66, EX6100 before 1.0.2.20, EX6120 before 1.0.0.34, EX6150 before 1.0.0.36, EX6200 before 1.0.3.84, and EX7000 before 1.0.0.60.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Reflected XSS in multiple NETGEAR extenders allows remote attackers to inject arbitrary web script via a crafted URL.

Vulnerability

A reflected cross-site scripting (XSS) vulnerability exists in the web-based management interface of several NETGEAR extender models. The flaw occurs because user-supplied input is reflected into the HTTP response without proper sanitization or output encoding. Affected models include EX3700, EX3800, EX6100, EX6120, EX6150, EX6200, and EX7000. The vulnerability is present in firmware versions prior to 1.0.0.66 for EX3700 and EX3800, prior to 1.0.2.20 for EX6100, prior to 1.0.0.34 for EX6120, prior to 1.0.0.36 for EX6150, prior to 1.0.3.84 for EX6200, and prior to 1.0.0.60 for EX7000 [1].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious URL containing JavaScript code. The attacker must be on the same network as the target device (adjacent network) and trick a logged-in administrator into clicking the crafted link. No authentication is required to trigger the reflection, but the victim must be authenticated to the device's web interface for the injected script to execute in the context of that authenticated session [1].

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser within the security context of the affected extender's web interface. This can lead to disclosure of session cookies, modification of device settings, or other actions that the authenticated user can perform. The CVSS v3 score is 5.2 (Medium), with vector AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating limited impact on confidentiality and integrity [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models. Users should upgrade to the following versions or later: EX3700/EX3800 to 1.0.0.66, EX6100 to 1.0.2.20, EX6120 to 1.0.0.34, EX6150 to 1.0.0.36, EX6200 to 1.0.3.84, and EX7000 to 1.0.0.60. The firmware can be downloaded from the NETGEAR Support website. No workarounds are provided; updating is the only mitigation [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 4

Patches: 0 (no patches discovered yet)


References: 1
