8.8

CVE-2017-18848

Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetgearR6300 Firmware Version < 1.0.0.36
   NetgearR6300 Versionv2
NetgearAc1450 Firmware Version < 1.0.0.36
   NetgearAc1450 Version-
NetgearR7300 Firmware Version < 1.0.0.54
   NetgearR7300 Version-
NetgearR8500 Firmware Version < 1.0.2.94
   NetgearR8500 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.46% 0.363
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
cve@mitre.org 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

https://kb.netgear.com/000049011/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2017-0334
Vendor Advisory