VYPR
Severity: Unrated. Source: NVD Advisory. Published Apr 20, 2020. Updated Aug 5, 2024.

CVE-2017-18828

Description

Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored XSS vulnerability in NETGEAR M4300 and M4200 switches before firmware 12.0.2.15 allows authenticated users to inject malicious scripts.

Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in the web management interface of multiple NETGEAR fully managed switch models, including M4300-28G, M4300-52G, M4300-28G-POE+, M4300-52G-POE+, M4300-8X8F, M4300-12X12F, M4300-24X24F, M4300-24X, M4300-48X, and M4200. All devices running firmware versions prior to 12.0.2.15 are affected. The vulnerability allows an authenticated attacker to inject arbitrary script code into a stored configuration parameter or input field that is later rendered to other users [1].

Exploitation

An attacker must have authenticated access to the switch's web-based management interface. The attacker can craft a malicious JavaScript payload and submit it via a vulnerable input field (e.g., a device name, description, or other configuration parameter). The payload is stored on the device and executed when another administrator views the affected page [1].

Impact

Successful exploitation enables the attacker to execute arbitrary JavaScript in the context of the victim's browser session. This can lead to session hijacking, defacement of the management interface, or redirection to malicious sites. The CVSS v3 score is 5.2 (Medium), with a vector of AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L, indicating low confidentiality, integrity, and availability impact but requiring high privileges and user interaction [1].

Mitigation

NETGEAR has released firmware version 12.0.2.15 for all affected models. Users should download and install the latest firmware from the NETGEAR Support website as soon as possible. No workarounds are provided; updating to the fixed version is the only recommended mitigation [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 4

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 1

News mentions: 0

No linked articles in our index yet.