4.3

CVE-2016-11055

Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11.

Data is provided by the National Vulnerability Database (NVD)
NetgearCm400 Firmware Version < 2017-01-11
   NetgearCm400 Version-
NetgearCm600 Firmware Version < 2017-01-11
   NetgearCm600 Version-
NetgearD1500 Firmware Version < 1.0.0.20
   NetgearD1500 Version-
NetgearD500 Firmware Version < 2017-01-11
   NetgearD500 Version-
NetgearDst6501 Firmware Version < 1.0.0.36
   NetgearDst6501 Version-
NetgearJnr1010 Firmware Version < 2017-01-11
   NetgearJnr1010 Versionv1
NetgearJwnr2000t Firmware Version < 2017-01-11
   NetgearJwnr2000t Versionv3
NetgearJwnr2010 Firmware Version < 2017-01-11
   NetgearJwnr2010 Versionv3
NetgearPlw1000 Firmware Version < 1.0.0.22
   NetgearPlw1000 Version-
NetgearPlw1010 Firmware Version < 2017-01-11
   NetgearPlw1010 Version-
NetgearWnr500 Firmware Version < 2017-01-11
   NetgearWnr500 Version-
NetgearWnr612 Firmware Version < 2017-01-11
   NetgearWnr612 Versionv3
NetgearN450 Cg3000d Firmware Version < 2017-01-11
   NetgearN450 Cg3000d Versionv2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.12% 0.277
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.