VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 20, 2020· Updated Aug 5, 2024

CVE-2017-18836

CVE-2017-18836

Description

Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NETGEAR M4300 and M4200 switches before firmware 12.0.2.15 are vulnerable to denial of service.

Vulnerability

A denial of service vulnerability exists in certain NETGEAR fully managed switches, including M4300-28G, M4300-52G, M4300-28G-POE+, M4300-52G-POE+, M4300-8X8F, M4300-12X12F, M4300-24X24F, M4300-24X, M4300-48X, and M4200, running firmware versions prior to 12.0.2.15. The exact nature of the bug is not disclosed in the available references, but it allows an attacker to cause a denial of service condition [1].

Exploitation

An attacker requires local access to the device to exploit this vulnerability. The Common Vulnerability Scoring System (CVSS) vector AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H indicates local access, low attack complexity, no privileges required, and no user interaction. The specific steps for exploitation are not detailed in the advisory [1].

Impact

Successful exploitation results in a denial of service, affecting the availability of the switch. There is no impact on confidentiality or integrity. The CVSS base score is 6.2 (Medium) with a high availability impact [1].

Mitigation

NETGEAR has released firmware version 12.0.2.15 to address this vulnerability for all affected models. Users are strongly recommended to download and install the latest firmware from NETGEAR Support. No workarounds are provided [1].

References
  1. Security Advisory for Denial of Service on Some Fully Managed Switches, PSV-2017-1959

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.