8.8
CVE-2017-18742
- EPSS 0.17%
- Published 23.04.2020 16:15:12
- Last modified 21.11.2024 03:20:48
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Certain NETGEAR devices are affected by CSRF. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6250 before 1.0.4.12, R6300v2 before 1.0.4.8, R6700 before 1.0.1.16, R6900 before 1.0.1.16, R7300DST before 1.0.0.54, R7900 before 1.0.1.12, R8000 before 1.0.3.32, and R8500 before 1.0.2.74.
Data is provided by the National Vulnerability Database (NVD)
Netgear ≫ Jr6150 Firmware Version < 1.0.1.10
Netgear ≫ R6050 Firmware Version < 1.0.1.10
Netgear ≫ R6250 Firmware Version < 1.0.4.12
Netgear ≫ R6300 Firmware Version < 1.0.4.8
Netgear ≫ R6700 Firmware Version < 1.0.1.16
Netgear ≫ R6900 Firmware Version < 1.0.1.16
Netgear ≫ R7300dst Firmware Version < 1.0.0.54
Netgear ≫ R7900 Firmware Version < 1.0.1.12
Netgear ≫ R8000 Firmware Version < 1.0.3.32
Netgear ≫ R8500 Firmware Version < 1.0.2.74
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.345 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| cve@mitre.org | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.