PT-2020-8291 · NetGear · R6250+9
Robinooklay
·
Published
2020-04-23
·
Updated
2020-04-27
·
CVE-2017-18742
CVSS v3.1
8.8
High
| Vector | AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R |
Name of the Vulnerable Software and Affected Versions:
NETGEAR JR6150 versions prior to 1.0.1.10
NETGEAR R6050 versions prior to 1.0.1.10
NETGEAR R6250 versions prior to 1.0.4.12
NETGEAR R6300v2 versions prior to 1.0.4.8
NETGEAR R6700 versions prior to 1.0.1.16
NETGEAR R6900 versions prior to 1.0.1.16
NETGEAR R7300DST versions prior to 1.0.0.54
NETGEAR R7900 versions prior to 1.0.1.12
NETGEAR R8000 versions prior to 1.0.3.32
NETGEAR R8500 versions prior to 1.0.2.74
Description:
The issue affects certain NETGEAR devices, making them vulnerable to Cross-Site Request Forgery (CSRF) attacks.
Recommendations:
For JR6150, update to version 1.0.1.10 or later.
For R6050, update to version 1.0.1.10 or later.
For R6250, update to version 1.0.4.12 or later.
For R6300v2, update to version 1.0.4.8 or later.
For R6700, update to version 1.0.1.16 or later.
For R6900, update to version 1.0.1.16 or later.
For R7300DST, update to version 1.0.0.54 or later.
For R7900, update to version 1.0.1.12 or later.
For R8000, update to version 1.0.3.32 or later.
For R8500, update to version 1.0.2.74 or later.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jr6150
R6050
R6250
R6300V2
R6700
R6900
R7300Dst
R7900
R8000
R8500