CVE-2017-18715

EPSS 0.42%
Published 24.04.2020 14:15:13
Last modified 21.11.2024 03:20:44
Source cve@mitre.org
Teams watchlist Login
Open Login

Certain NETGEAR devices are affected by reflected XSS. This affects EX3700 before 1.0.0.66, EX3800 before 1.0.0.66, EX6100 before 1.0.2.20, EX6120 before 1.0.0.34, EX6150 before 1.0.0.36, EX6200 before 1.0.3.84, and EX7000 before 1.0.0.60.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ Ex3700 Firmware Version < 1.0.0.66

Netgear ≫ Ex3700 Version-

Netgear ≫ Ex3800 Firmware Version < 1.0.0.66

Netgear ≫ Ex3800 Version-

Netgear ≫ Ex6100 Firmware Version < 1.0.2.20

Netgear ≫ Ex6100 Version-

Netgear ≫ Ex6120 Firmware Version < 1.0.0.34

Netgear ≫ Ex6120 Version-

Netgear ≫ Ex6150 Firmware Version < 1.0.0.36

Netgear ≫ Ex6150 Version-

Netgear ≫ Ex6200 Firmware Version < 1.0.3.84

Netgear ≫ Ex6200 Version-

Netgear ≫ Ex7000 Firmware Version < 1.0.0.60

Netgear ≫ Ex7000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.611

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
cve@mitre.org	5.2	2.1	2.7	CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://kb.netgear.com/000053133/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Extenders-PSV-2016-0075

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-18715

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-18715

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-18715

EUVD