CVE-2017-18807
Description
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR ReadyNAS OS 6 devices prior to 6.8.0 are vulnerable to stored XSS via unspecified vectors.
Vulnerability
A stored cross-site scripting (XSS) vulnerability affects all NETGEAR ReadyNAS OS 6 devices running firmware versions prior to 6.8.0 [1]. It allows an authenticated administrator to inject arbitrary web script or HTML into the device's web interface, where it is stored and later executed in the context of another user's session.
Exploitation
Exploitation requires an authenticated attacker with administrative privileges on the ReadyNAS device. The attacker must have the ability to input data that is subsequently stored and rendered by the web interface without proper sanitization [1]. The exact input vector is not disclosed in the available reference, but the CVSS vector (AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L) indicates local access, low complexity, high privileges, and user interaction required for the attack to succeed [1].
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the web interface session of another authenticated user, potentially leading to a limited (low-impact) compromise of the confidentiality, integrity, and availability of information displayed or processed by the device's management interface [1]. The scope is changed, meaning the injected script can affect resources beyond the vulnerable component.
Mitigation
NETGEAR has released firmware version 6.8.0 to address this vulnerability [1]. Users are strongly advised to download and install the latest firmware for their specific ReadyNAS OS 6 model from NETGEAR Support [1]. No workarounds are provided, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog as of the publication date.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- NETGEAR/ReadyNAS OS 6 (description)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (1)
News mentions (0)
No linked articles in our index yet.