PT-2020-18608 · NetGear · Gs108Ev3
Yuta Ikegami
·
Published
2020-11-24
·
Updated
2020-12-03
·
CVE-2020-5641
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
GS108Ev3 versions 2.06.10 and earlier
Description
A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators. This could lead to changes in the product's settings without the user's intention or consent. The exact vectors used for the attack are not specified.
Recommendations
For GS108Ev3 versions 2.06.10 and earlier, as a temporary workaround, consider restricting access to the administrative interface until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gs108Ev3