CVE-2017-18848

EPSS 0.17%
Published 20.04.2020 16:15:13
Last modified 21.11.2024 03:21:05
Source cve@mitre.org
Teams watchlist Login
Open Login

Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ R6300 Firmware Version < 1.0.0.36

Netgear ≫ R6300 Versionv2

Netgear ≫ Ac1450 Firmware Version < 1.0.0.36

Netgear ≫ Ac1450 Version-

Netgear ≫ R7300 Firmware Version < 1.0.0.54

Netgear ≫ R7300 Version-

Netgear ≫ R8500 Firmware Version < 1.0.2.94

Netgear ≫ R8500 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.345

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
cve@mitre.org	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://kb.netgear.com/000049011/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2017-0334

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-18848

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-18848

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-18848

EUVD