VYPR
Unrated severity · NVD Advisory · Published Apr 20, 2020 · Updated Aug 5, 2024

CVE-2017-18830

Description

Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Certain NETGEAR fully managed switches are vulnerable to vertical privilege escalation, allowing local attackers to gain elevated privileges.

Vulnerability

A vertical privilege escalation vulnerability exists in NETGEAR M4300 and M4200 series fully managed switches running firmware versions prior to 12.0.2.15. The vulnerability affects the following models: M4300-28G, M4300-52G, M4300-28G-POE+, M4300-52G-POE+, M4300-8X8F, M4300-12X12F, M4300-24X24F, M4300-24X, M4300-48X, and M4200 [1].

Exploitation

An attacker with local access to the device and low-privileged credentials can exploit this vulnerability. The exact attack vector is not detailed, but it involves leveraging a flaw in the firmware to escalate privileges [1].

Impact

Successful exploitation allows an attacker to gain higher privileges on the device, potentially leading to full administrative control. This can result in disclosure of sensitive information, modification of device configurations, or denial of service [1].

Mitigation

NETGEAR released firmware version 12.0.2.15 to fix this vulnerability. Affected users should update to this version or later. No workarounds are provided; upgrading is strongly recommended [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

References

1
