8.8
CVE-2017-18791
- EPSS 0.17%
- Veröffentlicht 21.04.2020 19:15:11
- Zuletzt bearbeitet 21.11.2024 03:20:55
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netgear ≫ R6050 Firmware Version < 1.0.1.7
Netgear ≫ Jr6150 Firmware Version < 1.0.1.7
Netgear ≫ Pr2000 Firmware Version < 1.0.0.17
Netgear ≫ R6220 Firmware Version < 1.1.0.50
Netgear ≫ Wndr3700 Firmware Version < 1.1.0.48
Netgear ≫ Jnr1010 Firmware Version < 1.1.0.40
Netgear ≫ Jwnr2010 Firmware Version < 1.1.0.40
Netgear ≫ Wnr1000 Firmware Version < 1.1.0.40
Netgear ≫ Wnr2020 Firmware Version < 1.1.0.40
Netgear ≫ Wnr2050 Firmware Version < 1.1.0.40
Netgear ≫ Wnr614 Firmware Version < 1.1.0.40
Netgear ≫ Wnr618 Firmware Version < 1.1.0.40
Netgear ≫ D7000 Firmware Version < 1.0.1.50
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.345 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| cve@mitre.org | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.