8
CVE-2018-21120
- EPSS 0.17%
- Veröffentlicht 22.04.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 04:02:56
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netgear ≫ Wac120 Firmware Version < 2.1.7
Netgear ≫ Wac505 Firmware Version < 5.0.5.4
Netgear ≫ Wac510 Firmware Version < 5.0.5.4
Netgear ≫ Wnap320 Firmware Version < 3.7.11.4
Netgear ≫ Wnap210 Firmware Version < 3.7.11.4
Netgear ≫ Wndap350 Firmware Version < 3.7.11.4
Netgear ≫ Wndap360 Firmware Version < 3.7.11.4
Netgear ≫ Wndap660 Firmware Version < 3.7.11.4
Netgear ≫ Wndap620 Firmware Version < 2.1.7
Netgear ≫ Wnd930 Firmware Version < 2.1.5
Netgear ≫ Wn604 Firmware Version < 3.3.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.348 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8 | 2.1 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
| cve@mitre.org | 5.2 | 1.5 | 3.6 |
CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.