Vulnerability Name: CVE-2017-18862 (CCN-181223)
Assigned: 2017-05-11
Published: 2017-05-11
Updated: 2020-05-05
Summary: Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11.

CVSS v3 Severity:
  6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
  5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
    Exploitability Metrics:
      Attack Vector (AV): Adjacent
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): None
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): High
      Integrity (I): None
      Availability (A): None
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
  4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
    Exploitability Metrics:
      Attack Vector (AV): Network
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): None
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): None
      Integrity (I): Low
      Availability (A): None

CVSS v2 Severity:
  3.3 Low (CVSS v2 Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:
      Access Vector (AV): Adjacent_Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Partial
      Integrity (I): None
      Availability (A): None
  5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): None
      Integrity (I): Partial
      Availability (A): None

Vulnerability Type: CWE-287
Vulnerability Consequences: Bypass Security

References:
  Source: MITRE
  Type: CNA
  CVE-2017-18862

  Source: XF
  Type: UNKNOWN
  netgear-cve201718862-sec-bypass(181223)

  Source: CCN
  Type: NETGEAR Article ID: 000037849
  Security Advisory for Authentication Bypass on ProSAFE Web Managed Switches, PSV-2015-0043

  Source: CONFIRM
  Type: Vendor Advisory
  https://kb.netgear.com/000037849/Security-Advisory-for-Authentication-Bypass-on-ProSAFE-Web-Managed-Switches-PSV-2015-0043

Vulnerable Configuration:
  Configuration 1:
    cpe:/o:netgear:jgs516pe_firmware:*:*:*:*:*:*:*:* (Version < 2017-05-11)
    AND cpe:/h:netgear:jgs516pe:-:*:*:*:*:*:*:*
  Configuration 2:
    cpe:/o:netgear:jgs524e_firmware:*:*:*:*:*:*:*:* (Version < 2017-05-11)
    AND cpe:/h:netgear:jgs524e:v2:*:*:*:*:*:*:*
  Configuration 3:
    cpe:/o:netgear:jgs524pe_firmware:*:*:*:*:*:*:*:* (Version < 2017-05-11)
    AND cpe:/h:netgear:jgs524pe:-:*:*:*:*:*:*:*
  Configuration 4:
    cpe:/o:netgear:gs105e_firmware:*:*:*:*:*:*:*:* (Version < 2017-05-11)
    AND cpe:/h:netgear:gs105e:v2:*:*:*:*:*:*:*
  Configuration 5:
    cpe:/o:netgear:gs105pe_firmware:*:*:*:*:*:*:*:* (Version < 2017-05-11)
    AND cpe:/h:netgear:gs105pe:-:*:*:*:*:*:*:*
  Configuration 6:
    cpe:/o:netgear:gs108e_firmware:*:*:*:*:*:*:*:* (Version < 2017-05-11)
    AND cpe:/h:netgear:gs108e:v3:*:*:*:*:*:*:*
  Configuration 7:
    cpe:/o:netgear:gs108pe_firmware:*:*:*:*:*:*:*:* (Version < 2017-05-11)
    AND cpe:/h:netgear:gs108pe:v3:*:*:*:*:*:*:*
  Configuration 8:
    cpe:/o:netgear:gs116e_firmware:*:*:*:*:*:*:*:* (Version < 2017-05-11)
    AND cpe:/h:netgear:gs116e:v2:*:*:*:*:*:*:*
  Configuration 9:
    cpe:/o:netgear:gss108e_firmware:*:*:*:*:*:*:*:* (Version < 2017-05-11)
    AND cpe:/h:netgear:gss108e:-:*:*:*:*:*:*:*
  Configuration 10:
    cpe:/o:netgear:gss116e_firmware:*:*:*:*:*:*:*:* (Version < 2017-05-11)
    AND cpe:/h:netgear:gss116e:-:*:*:*:*:*:*:*
  Configuration 11:
    cpe:/o:netgear:xs708e_firmware:*:*:*:*:*:*:*:* (Version < 2017-05-11)
    AND cpe:/h:netgear:xs708e:v2:*:*:*:*:*:*:*
  Configuration 12:
    cpe:/o:netgear:xs716e_firmware:*:*:*:*:*:*:*:* (Version < 2017-05-11)
    AND cpe:/h:netgear:xs716e:-:*:*:*:*:*:*:*
  Configuration CCN 1:
    cpe:/h:netgear:jgs524e:v2:*:*:*:*:*:*:*
    OR cpe:/h:netgear:jgs524pe:-:*:*:*:*:*:*:*
    OR cpe:/h:netgear:gs105e:v2:*:*:*:*:*:*:*
    OR cpe:/h:netgear:gs105pe:-:*:*:*:*:*:*:*
    OR cpe:/h:netgear:gs108e:v3:*:*:*:*:*:*:*
    OR cpe:/h:netgear:gs108pe:v3:*:*:*:*:*:*:*
    OR cpe:/h:netgear:gss108e:-:*:*:*:*:*:*:*
    OR cpe:/h:netgear:gss116e:-:*:*:*:*:*:*:*
    OR cpe:/h:netgear:xs708e:v2:*:*:*:*:*:*:*
    OR cpe:/h:netgear:xs716e:-:*:*:*:*:*:*:*

netgear jgs516pe firmware *
netgear jgs516pe -
netgear jgs524e firmware *
netgear jgs524e v2
netgear jgs524pe firmware *
netgear jgs524pe -
netgear gs105e firmware *
netgear gs105e v2
netgear gs105pe firmware *
netgear gs105pe -
netgear gs108e firmware *
netgear gs108e v3
netgear gs108pe firmware *
netgear gs108pe v3
netgear gs116e firmware *
netgear gs116e v2
netgear gss108e firmware *
netgear gss108e -
netgear gss116e firmware *
netgear gss116e -
netgear xs708e firmware *
netgear xs708e v2
netgear xs716e firmware *
netgear xs716e -