CVE-2017-18749

EPSS 0.17%
Veröffentlicht 23.04.2020 16:15:12
Zuletzt bearbeitet 21.11.2024 03:20:49
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ Jnr1010 Firmware Version < 1.1.0.44

Netgear ≫ Jnr1010 Versionv2

Netgear ≫ Jr6150 Firmware Version < 1.0.1.10

Netgear ≫ Jr6150 Version-

Netgear ≫ Jwnr2010 Firmware Version < 1.1.0.44

Netgear ≫ Jwnr2010 Versionv5

Netgear ≫ R6050 Firmware Version < 1.0.1.10

Netgear ≫ R6050 Version-

Netgear ≫ R6100 Firmware Version < 1.0.1.16

Netgear ≫ R6100 Version-

Netgear ≫ R6220 Firmware Version < 1.1.0.50

Netgear ≫ R6220 Version-

Netgear ≫ R7500 Firmware Version < 1.0.0.112

Netgear ≫ R7500 Version-

Netgear ≫ R7500 Firmware Version < 1.0.3.20

Netgear ≫ R7500 Versionv2

Netgear ≫ R7800 Firmware Version < 1.0.2.36

Netgear ≫ R7800 Version-

Netgear ≫ R9000 Firmware Version < 1.0.2.40

Netgear ≫ R9000 Version-

Netgear ≫ Wndr3700 Firmware Version < 1.0.2.88

Netgear ≫ Wndr3700 Versionv4

Netgear ≫ Wndr3700 Firmware Version < 1.1.0.48

Netgear ≫ Wndr3700 Versionv5

Netgear ≫ Wndr4300 Firmware Version < 1.0.2.90

Netgear ≫ Wndr4300 Version-

Netgear ≫ Wndr4300 Firmware Version < 1.0.0.48

Netgear ≫ Wndr4300 Versionv2

Netgear ≫ Wndr4500 Firmware Version < 1.0.0.48

Netgear ≫ Wndr4500 Versionv3

Netgear ≫ Wnr1000 Firmware Version < 1.1.0.44

Netgear ≫ Wnr1000 Versionv4

Netgear ≫ Wnr2000 Firmware Version < 1.0.0.58

Netgear ≫ Wnr2000 Versionv5

Netgear ≫ Wnr2020 Firmware Version < 1.1.0.44

Netgear ≫ Wnr2020 Version-

Netgear ≫ Wnr2050 Firmware Version < 1.1.0.44

Netgear ≫ Wnr2050 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.345

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
cve@mitre.org	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://kb.netgear.com/000051505/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2016-0101

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-18749

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-18749

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-18749

EUVD