CVE-2017-2137

ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
netgearprosafe_plus_configuration_utility
𝑥
≤ 2.3.28
𝑥
= Vulnerable software versions
References
http://jvn.jp/en/jp/JVN08740778/index.html
https://kb.netgear.com/000038443/Security-Advisory-for-Insecure-SOAP-Access-in-ProSAFE-Plus-Configuration-Utility-PSV-2017-1997
http://jvn.jp/en/jp/JVN08740778/index.html
https://kb.netgear.com/000038443/Security-Advisory-for-Insecure-SOAP-Access-in-ProSAFE-Plus-Configuration-Utility-PSV-2017-1997