Unrated severityNVD Advisory· Published Apr 20, 2020· Updated Aug 5, 2024

CVE-2017-18832

Description

Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored cross-site scripting (XSS) in NETGEAR M4300 and M4200 switches prior to firmware 12.0.2.15 allows authenticated high-privilege users to inject arbitrary web scripts.

Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in the web management interface of certain NETGEAR fully managed switches. Affected models include M4300-28G, M4300-52G, M4300-28G-POE+, M4300-52G-POE+, M4300-8X8F, M4300-12X12F, M4300-24X24F, M4300-24X, M4300-48X, and M4200, all running firmware versions prior to 12.0.2.15 [1]. The vulnerability is present in the administrative web UI and can be exploited when an attacker with high privileges (administrator level) injects malicious script content via input fields that are later served to other users.

Exploitation

An attacker must first obtain authenticated access to the switch's web management interface with administrative-level credentials (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L [1]). Once logged in, the attacker can inject malicious JavaScript or HTML into input fields that are stored and later rendered without proper sanitization. Successful exploitation requires that another administrator (or a user with sufficient privileges) views the affected page, triggering the stored payload. The attacker does not require physical access; the attack vector is local (logical) to the management interface.

Impact

If the stored XSS payload is executed, the attacker can perform actions within the context of the victim's session, such as modifying switch configuration, exfiltrating sensitive data displayed in the web UI (e.g., credentials or network topology), or redirecting the victim to malicious sites. The CVSS v3 score is 5.2 (Medium), with low impact to confidentiality, integrity, and availability per the CVSS vector [1].

Mitigation

NETGEAR released fixed firmware version 12.0.2.15 for all affected models. Users should download and install the latest firmware from the NETGEAR Support site as soon as possible [1]. No workarounds are documented; the vendor states the vulnerability remains if the recommended firmware update is not applied [1]. None of the affected models are listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.

References

Security Advisory for Stored Cross Site Scripting on Some Fully Managed Switches, PSV-2017-1954

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

NETGEAR/M4300-28Gdescription
Netgear/M4300-28Gllm-fuzzy
Range: <12.0.2.15
Netgear/M4200llm-fuzzy
Range: <12.0.2.15
Netgear/M4300-52Gllm-fuzzy
Range: <12.0.2.15

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.netgear.com/000049030/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1954mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000