CVE-2017-18715

Published: Apr 24, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Certain NETGEAR devices are affected by reflected XSS. This affects EX3700 before 1.0.0.66, EX3800 before 1.0.0.66, EX6100 before 1.0.2.20, EX6120 before 1.0.0.34, EX6150 before 1.0.0.36, EX6200 before 1.0.3.84, and EX7000 before 1.0.0.60.

Affected (7)

Products: Netgear: Ex3700 Firmware, Ex3800 Firmware, Ex6100 Firmware, Ex6120 Firmware, Ex6150 Firmware, Ex6200 Firmware, Ex7000 Firmware

7 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex3700 Firmware	Before 1.0.0.66

Running on/with	Platform Versions
Netgear Ex3700	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex3800 Firmware	Before 1.0.0.66

Running on/with	Platform Versions
Netgear Ex3800	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6100 Firmware	Before 1.0.2.20

Running on/with	Platform Versions
Netgear Ex6100	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6120 Firmware	Before 1.0.0.34

Running on/with	Platform Versions
Netgear Ex6120	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6150 Firmware	Before 1.0.0.36

Running on/with	Platform Versions
Netgear Ex6150	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6200 Firmware	Before 1.0.3.84

Running on/with	Platform Versions
Netgear Ex6200	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex7000 Firmware	Before 1.0.0.60

Running on/with	Platform Versions
Netgear Ex7000	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://kb.netgear.com/000053133/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Extenders-PSV-2016-0075

Source: cve@mitre.org

Vendor Advisory

https://kb.netgear.com/000053133/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Extenders-PSV-2016-0075

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.