Vulnerabilites related to netgear - m4200-10mg-poe\+
var-202004-1330
Vulnerability from variot
Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier. plural NETGEAR On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR.
There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to take over the switch, access configuration files or interrupt the operation of the switch. This affects M4200-10MG-POE+ 12.0.2.11 and previous versions, M4300-28G 12.0.2.11 and previous versions, M4300-52G 12.0.2.11 and previous versions, M4300-28G-POE+ 12.0.2.11 and previous versions, M4300-52G-POE+ 12.0.2.11 and previous versions, M4300-8X8F 12.0.2.11 and previous versions, M4300-12X12F 12.0.2.11 and previous versions, M4300-24X24F 12.0.2.11 and previous versions, M4300-24X 12.0.2.11 and previous versions, and M4300-48X 12.0.2.11 and previous versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1330",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "m4300-52g",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-8x8f",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-24x",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-28g",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-48x",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4200-10mg-poe\\+",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-52g-poe\\+",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-28g-poe\\+",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-24x24f",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-12x12f",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4200-10mg-poe+",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-12x12f",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-24x24f",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-24x",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-28g-poe+",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-28g",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-48x",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-52g-poe+",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-52g",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4300-8x8f",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "12.0.2.11"
},
{
"model": "m4200-10mg-poe+",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=12.0.2.11"
},
{
"model": "m4300-28g",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=12.0.2.11"
},
{
"model": "m4300-52g",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=12.0.2.11"
},
{
"model": "m4300-28g-poe+",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=12.0.2.11"
},
{
"model": "m4300-52g-poe+",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=12.0.2.11"
},
{
"model": "m4300-8x8f",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=12.0.2.11"
},
{
"model": "m4300-12x12f",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=12.0.2.11"
},
{
"model": "m4300-24x24f",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=12.0.2.11"
},
{
"model": "m4300-24x",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=12.0.2.11"
},
{
"model": "m4300-48x",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=12.0.2.11"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-48926"
},
{
"db": "VULMON",
"id": "CVE-2017-18858"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014986"
},
{
"db": "NVD",
"id": "CVE-2017-18858"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:m4200-10mg-poe%2b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014986"
}
]
},
"cve": "CVE-2017-18858",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-18858",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-014986",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-48926",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-18858",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-014986",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18858",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2017-014986",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-48926",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2308",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-18858",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-48926"
},
{
"db": "VULMON",
"id": "CVE-2017-18858"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014986"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2308"
},
{
"db": "NVD",
"id": "CVE-2017-18858"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier. plural NETGEAR On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to take over the switch, access configuration files or interrupt the operation of the switch. This affects M4200-10MG-POE+ 12.0.2.11 and previous versions, M4300-28G 12.0.2.11 and previous versions, M4300-52G 12.0.2.11 and previous versions, M4300-28G-POE+ 12.0.2.11 and previous versions, M4300-52G-POE+ 12.0.2.11 and previous versions, M4300-8X8F 12.0.2.11 and previous versions, M4300-12X12F 12.0.2.11 and previous versions, M4300-24X24F 12.0.2.11 and previous versions, M4300-24X 12.0.2.11 and previous versions, and M4300-48X 12.0.2.11 and previous versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18858"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014986"
},
{
"db": "CNVD",
"id": "CNVD-2021-48926"
},
{
"db": "VULMON",
"id": "CVE-2017-18858"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18858",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014986",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-48926",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2308",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-18858",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-48926"
},
{
"db": "VULMON",
"id": "CVE-2017-18858"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014986"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2308"
},
{
"db": "NVD",
"id": "CVE-2017-18858"
}
]
},
"id": "VAR-202004-1330",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-48926"
}
],
"trust": 1.093055568
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-48926"
}
]
},
"last_update_date": "2024-11-23T22:58:18.672000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Unauthenticated Remote Code Execution on M4200 and M4300, PSV-2017-1971",
"trust": 0.8,
"url": "https://kb.netgear.com/000038655/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-M4200-and-M4300-PSV-2017-1971"
},
{
"title": "Patch for Operating system command injection vulnerabilities in multiple NETGEAR products (CNVD-2021-48926)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/277346"
},
{
"title": "Multiple NETGEAR Product operating system command injection vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117918"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-48926"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014986"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2308"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014986"
},
{
"db": "NVD",
"id": "CVE-2017-18858"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18858"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/000038655/security-advisory-for-unauthenticated-remote-code-execution-on-m4200-and-m4300-psv-2017-1971"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18858"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-48926"
},
{
"db": "VULMON",
"id": "CVE-2017-18858"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014986"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2308"
},
{
"db": "NVD",
"id": "CVE-2017-18858"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-48926"
},
{
"db": "VULMON",
"id": "CVE-2017-18858"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014986"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2308"
},
{
"db": "NVD",
"id": "CVE-2017-18858"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-48926"
},
{
"date": "2020-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18858"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014986"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2308"
},
{
"date": "2020-04-28T17:15:12.663000",
"db": "NVD",
"id": "CVE-2017-18858"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-48926"
},
{
"date": "2020-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18858"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014986"
},
{
"date": "2020-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2308"
},
{
"date": "2024-11-21T03:21:06.620000",
"db": "NVD",
"id": "CVE-2017-18858"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2308"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR On the device OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014986"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2308"
}
],
"trust": 0.6
}
}
CVE-2017-18858 (GCVE-0-2017-18858)
Vulnerability from cvelistv5
Published
2020-04-28 16:43
Modified
2024-08-05 21:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:37:44.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000038655/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-M4200-and-M4300-PSV-2017-1971"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T16:43:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000038655/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-M4200-and-M4300-PSV-2017-1971"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000038655/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-M4200-and-M4300-PSV-2017-1971",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000038655/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-M4200-and-M4300-PSV-2017-1971"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18858",
"datePublished": "2020-04-28T16:43:19",
"dateReserved": "2020-04-27T00:00:00",
"dateUpdated": "2024-08-05T21:37:44.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-04-28 17:15
Modified
2024-11-21 03:21
Severity ?
Summary
Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:m4200-10mg-poe\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CAB4BD-BD17-4FD4-8466-C4C3579CADF8",
"versionEndIncluding": "12.0.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:m4200-10mg-poe\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A77A4DEF-60B4-465C-A4BE-A65317B2073D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:m4300-28g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73A4FA9F-1592-4A94-B367-0E47D3EC1CA4",
"versionEndIncluding": "12.0.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:m4300-28g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22DDB059-D64B-40D1-8CD7-0FE7CF387349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:m4300-52g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FEED95F-F2BC-4BD9-A508-0975835B1199",
"versionEndIncluding": "12.0.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:m4300-52g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC1FD426-FA6B-4F84-8A21-74B80E8A03ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:m4300-28g-poe\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33ACAD6E-1FDB-4009-9892-6A1711E2FD62",
"versionEndIncluding": "12.0.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:m4300-28g-poe\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDB8A1F-8F4F-4E8F-8CAF-8E05AC84BE52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:m4300-52g-poe\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6600B6D-9595-48EF-A2FF-394F71C4C430",
"versionEndIncluding": "12.0.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:m4300-52g-poe\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEA4098-F34F-4EDE-976D-6E63EA2EA3DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:m4300-8x8f_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10AFC28C-9793-4792-88BD-28B75B3565B2",
"versionEndIncluding": "12.0.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:m4300-8x8f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3BE1A4-2683-4890-BC75-8F7ADEC9AF25",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:m4300-12x12f_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9097089-72B2-4363-8AC4-C3DBD3269F15",
"versionEndIncluding": "12.0.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:m4300-12x12f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35193973-3D2B-4751-899A-F0270E9F91A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:m4300-24x24f_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFBD8080-C7B8-4A29-95EC-6DC5775EB47D",
"versionEndIncluding": "12.0.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:m4300-24x24f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68762E4C-8D20-44B7-873C-6EC849577551",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:m4300-24x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "367C550A-D764-4C6F-906E-2D5F7132EB84",
"versionEndIncluding": "12.0.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:m4300-24x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "552CC93D-334C-4919-9906-688216580DF0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:m4300-48x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC9B3A2-6183-42A5-9D7A-1F28B00751FB",
"versionEndIncluding": "12.0.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:m4300-48x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A74F426D-BD60-4F6F-A1AA-8547CDAA2DF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier."
},
{
"lang": "es",
"value": "Determinados dispositivos de NETGEAR est\u00e1n afectados por una ejecuci\u00f3n de comandos. Esto afecta a M4200-10MG-POE+ versiones 12.0.2.11 y anteriores, M4300-28G versiones 12.0.2.11 y anteriores, M4300-52G versiones 12.0.2.11 y anteriores, M4300-28G-POE+ versiones 12.0.2.11 y anteriores, M4300-52G-POE+ versiones 12.0.2.11 y anteriores, M4300-8X8F versiones 12.0.2.11 y anteriores, M4300-12X12F versiones 12.0.2.11 y anteriores, M4300-24X24F versiones 12.0.2.11 y anteriores, M4300-24X versiones 12.0.2.11 y anteriores, y M4300-48X versiones 12.0.2.11 y anteriores."
}
],
"id": "CVE-2017-18858",
"lastModified": "2024-11-21T03:21:06.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T17:15:12.663",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000038655/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-M4200-and-M4300-PSV-2017-1971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000038655/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-M4200-and-M4300-PSV-2017-1971"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}