8.8

CVE-2020-26912

Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62.

Data is provided by the National Vulnerability Database (NVD)
NetgearD6200 Firmware Version < 1.1.00.38
   NetgearD6200 Version-
NetgearD7000 Firmware Version < 1.0.1.78
   NetgearD7000 Version-
NetgearJr6150 Firmware Version < 1.0.1.24
   NetgearJr6150 Version-
NetgearR6020 Firmware Version < 1.0.0.42
   NetgearR6020 Version-
NetgearR6050 Firmware Version < 1.0.1.24
   NetgearR6050 Version-
NetgearR6080 Firmware Version < 1.0.0.42
   NetgearR6080 Version-
NetgearR6120 Firmware Version < 1.0.0.66
   NetgearR6120 Version-
NetgearR6220 Firmware Version < 1.1.0.100
   NetgearR6220 Version-
NetgearR6260 Firmware Version < 1.1.0.64
   NetgearR6260 Version-
NetgearR6700v2 Firmware Version < 1.2.0.62
   NetgearR6700v2 Version-
NetgearR6800 Firmware Version < 1.2.0.62
   NetgearR6800 Version-
NetgearR6900v2 Firmware Version < 1.2.0.62
   NetgearR6900v2 Version-
NetgearR7450 Firmware Version < 1.2.0.62
   NetgearR7450 Version-
NetgearWnr2020 Firmware Version < 1.1.0.62
   NetgearWnr2020 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.43% 0.8
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
cve@mitre.org 7.5 1.2 5.8
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.