CVE-2017-18831

Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in multiple NETGEAR fully managed switch models. Affected devices include M4300-28G, M4300-52G, M4300-28G-POE+, M4300-52G-POE+, M4300-8X8F, M4300-12X12F, M4300-24X24F, M4300-24X, M4300-48X, and M4200, all running firmware versions prior to 12.0.2.15 [1]. The vulnerability allows an authenticated user with local access to inject malicious script code that is stored on the device.

Exploitation

To exploit this vulnerability, an attacker must have valid credentials and local network access to the affected switch. The attacker can inject a script payload through a vulnerable input field in the device's management interface. The stored script then executes in the context of the switch's web interface whenever another authenticated user, including an administrator, accesses the affected page. The CVSS v3 vector indicates the attack vector is local, requires low privileges, and does not require user interaction (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) [1].

Impact

Successful exploitation enables an authenticated attacker to execute arbitrary JavaScript in the browser of another authenticated user. This can lead to session hijacking, defacement, or theft of sensitive information. The CVSS score of 7.8 (High) reflects the potential for high confidentiality, integrity, and availability impact, with scope change meaning the vulnerable component impacts resources beyond its security scope [1].

Mitigation

NETGEAR released firmware version 12.0.2.15 to fix this vulnerability [1]. Users must download and install the latest firmware from the NETGEAR support site for each affected model. No workaround is available; updating to 12.0.2.15 or later eliminates the stored XSS vulnerability.