8.8
CVE-2019-20691
- EPSS 0.21%
- Published 16.04.2020 19:15:23
- Last modified 21.11.2024 04:39:05
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, and WN2500RPv2 before 1.0.1.54.
Data is provided by the National Vulnerability Database (NVD)
Netgear ≫ D3600 Firmware Version < 1.0.0.72
Netgear ≫ D6000 Firmware Version < 1.0.0.72
Netgear ≫ Ex3700 Firmware Version < 1.0.0.70
Netgear ≫ Ex3800 Firmware Version < 1.0.0.70
Netgear ≫ Ex6000 Firmware Version < 1.0.0.30
Netgear ≫ Ex6100 Firmware Version < 1.0.2.24
Netgear ≫ Ex6120 Firmware Version < 1.0.0.40
Netgear ≫ Ex6130 Firmware Version < 1.0.0.22
Netgear ≫ Ex6150 Firmware Version < 1.0.0.42
Netgear ≫ Ex6200 Firmware Version < 1.0.3.88
Netgear ≫ Ex7000 Firmware Version < 1.0.0.66
Netgear ≫ Wn2500rp Firmware Version < 1.0.1.54
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.435 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| cve@mitre.org | 8.3 | 2.8 | 5.5 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.