9.8
CVE-2021-32122
- EPSS 0.43%
- Veröffentlicht 11.08.2021 00:15:07
- Zuletzt bearbeitet 21.11.2024 06:06:51
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netgear ≫ Ex3700 Firmware Version < 1.0.0.90
Netgear ≫ Ex3800 Firmware Version < 1.0.0.90
Netgear ≫ Ex6120 Firmware Version < 1.0.0.64
Netgear ≫ Ex6130 Firmware Version < 1.0.0.44
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.341 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8 | 2.1 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 5.4 | 5.5 | 6.4 |
AV:A/AC:M/Au:N/C:P/I:P/A:P
|
| cve@mitre.org | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
https://kb.netgear.com/000063883/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Extenders-PSV-2021-0102