9.8

CVE-2021-32122

Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetgearEx3700 Firmware Version < 1.0.0.90
   NetgearEx3700 Version-
NetgearEx3800 Firmware Version < 1.0.0.90
   NetgearEx3800 Version-
NetgearEx6120 Firmware Version < 1.0.0.64
   NetgearEx6120 Version-
NetgearEx6130 Firmware Version < 1.0.0.44
   NetgearEx6130 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.341
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8 2.1 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 5.4 5.5 6.4
AV:A/AC:M/Au:N/C:P/I:P/A:P
cve@mitre.org 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

https://kb.netgear.com/000063883/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Extenders-PSV-2021-0102
Vendor Advisory