CVE-2017-18848

EPSS 0.17%
Veröffentlicht 20.04.2020 16:15:13
Zuletzt bearbeitet 21.11.2024 03:21:05
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ R6300 Firmware Version < 1.0.0.36

Netgear ≫ R6300 Versionv2

Netgear ≫ Ac1450 Firmware Version < 1.0.0.36

Netgear ≫ Ac1450 Version-

Netgear ≫ R7300 Firmware Version < 1.0.0.54

Netgear ≫ R7300 Version-

Netgear ≫ R8500 Firmware Version < 1.0.2.94

Netgear ≫ R8500 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.345

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
cve@mitre.org	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://kb.netgear.com/000049011/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2017-0334

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-18848

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-18848

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-18848

EUVD