CVE-2017-18800

EUVD-2017-9891
Certain NETGEAR devices are affected by reflected XSS. This affects R6700v2 before 1.1.0.42 and R6800 before 1.1.0.42.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
mitreCNA
6.1 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AC:L/AV:L/A:L/C:L/I:L/PR:N/S:C/UI:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
netgearr6700_firmware
𝑥
< 1.1.0.42
netgearr6800_firmware
𝑥
< 1.1.0.42
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.netgear.com/000049356/Security-Advisory-for-Reflected-Cross-Site-Scripting-Vulnerability-on-R6700v2-and-R6800-PSV-2017-2162
https://kb.netgear.com/000049356/Security-Advisory-for-Reflected-Cross-Site-Scripting-Vulnerability-on-R6700v2-and-R6800-PSV-2017-2162