CVE-2017-18821
Description
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR fully managed switches (M4300/M4200 series) before firmware 12.0.2.15 are vulnerable to stored cross-site scripting (XSS).
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in certain NETGEAR fully managed switches. Affected models include M4300-28G, M4300-52G, M4300-28G-POE+, M4300-52G-POE+, M4300-8X8F, M4300-12X12F, M4300-24X24F, M4300-24X, M4300-48X, and M4200, all running firmware versions prior to 12.0.2.15. The vulnerability is present in the device's web management interface where user-supplied input is not properly sanitized before being stored and later displayed to other authenticated administrators [1].
Exploitation
Exploitation requires an attacker who is already authenticated to the web management interface with administrative privileges. The attacker submits crafted input containing malicious JavaScript through a vulnerable form field. When another administrator later opens the affected page, the stored script executes in the context of the victim's browser session. The CVSS vector AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L indicates low attack complexity but requires high privileges and user interaction [1].
Impact
Successful exploitation allows the attacker to inject arbitrary script into the management interface, potentially leading to disclosure of session tokens, modification of switch configuration within the victim's session, or other actions the victim can perform. The CVSS v3 score is 5.2 (Medium), with impacts on confidentiality, integrity, and availability rated as low [1].
Mitigation
NETGEAR has released firmware version 12.0.2.15 that fixes the stored XSS vulnerability on all affected models [1]. Users should download the latest firmware from NETGEAR Support and install it immediately. No workarounds are documented; updating the firmware is the only remediation [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
NETGEAR M4300-28G
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.