CVE-2017-18823
Description
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR M4300 and M4200 switches have a security misconfiguration allowing local attackers to compromise integrity and availability.
Vulnerability
NETGEAR M4300 and M4200 series fully managed switches running firmware versions prior to 12.0.2.15 contain a security misconfiguration vulnerability [1]. The affected models include M4300-28G, M4300-52G, M4300-28G-POE+, M4300-52G-POE+, M4300-8X8F, M4300-12X12F, M4300-24X24F, M4300-24X, M4300-48X, and M4200. The incorrect configuration of security settings exposes the devices to potential compromise.
Exploitation
An attacker with local access (AV:L) can exploit this vulnerability without requiring any privileges or user interaction [1]. The exact exploitation steps are not detailed in the advisory, but the low attack complexity (AC:L) suggests that the misconfiguration can be leveraged directly.
Impact
Successful exploitation allows the attacker to compromise the integrity and availability of the affected switch, with no impact on confidentiality (CVSS: C:N/I:H/A:H) [1]. This could lead to unauthorized changes to device configuration or denial of service.
Mitigation
NETGEAR has released firmware version 12.0.2.15 to address this vulnerability [1]. Users are strongly recommended to upgrade to this version or later. No workarounds are provided. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (3)
- NETGEAR/M4300-28G
Patches
No patches discovered yet.
References (1)