PT-2020-8304 · NetGear · Netgear R6220+12

Published

2020-04-22

·

Updated

2020-04-24

·

CVE-2017-18755

CVSS v3.1

8.8

High

VectorAC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R
Name of the Vulnerable Software and Affected Versions: NETGEAR R6300v2 versions 1.0.0 through 1.0.4.7 NETGEAR R6400v2 versions 1.0.0 through 1.0.2.31 NETGEAR R6700 versions 1.0.0 through 1.0.1.21 NETGEAR R6900 versions 1.0.0 through 1.0.1.21 NETGEAR R7000P versions 1.0.0 through 1.0.0.85 NETGEAR R6900P versions 1.0.0 through 1.0.0.55 NETGEAR R7300 versions 1.0.0 through 1.0.0.53 NETGEAR R8300 versions 1.0.0 through 1.0.2.105 NETGEAR R8500 versions 1.0.0 through 1.0.2.105 NETGEAR DGN2200v4 versions 1.0.0 through 1.0.0.85 NETGEAR DGND2200Bv4 versions 1.0.0 through 1.0.0.85 NETGEAR R6050 versions 1.0.0 through 1.0.0.85 NETGEAR JR6150 versions 1.0.0 through 1.0.1.9 NETGEAR R6220 versions 1.0.0 through 1.1.0.49 NETGEAR WNDR3700v5 versions V1.0.0 through V1.1.0.47
Description: Certain NETGEAR devices are affected by a CSRF issue.
Recommendations: For NETGEAR R6300v2 version 1.0.4.7 and earlier, update to version 1.0.4.8 or later. For NETGEAR R6400v2 version 1.0.2.31 and earlier, update to version 1.0.2.32 or later. For NETGEAR R6700 version 1.0.1.21 and earlier, update to version 1.0.1.22 or later. For NETGEAR R6900 version 1.0.1.21 and earlier, update to version 1.0.1.22 or later. For NETGEAR R7000P version 1.0.0.85 and earlier, update to version 1.0.0.86 or later. For NETGEAR R6900P version 1.0.0.55 and earlier, update to version 1.0.0.56 or later. For NETGEAR R7300 version 1.0.0.53 and earlier, update to version 1.0.0.54 or later. For NETGEAR R8300 version 1.0.2.105 and earlier, update to version 1.0.2.106 or later. For NETGEAR R8500 version 1.0.2.105 and earlier, update to version 1.0.2.106 or later. For NETGEAR DGN2200v4 version 1.0.0.85 and earlier, update to version 1.0.0.86 or later. For NETGEAR DGND2200Bv4 version 1.0.0.85 and earlier, update to version 1.0.0.86 or later. For NETGEAR R6050 version 1.0.0.85 and earlier, update to version 1.0.0.86 or later. For NETGEAR JR6150 version 1.0.1.9 and earlier, update to version 1.0.1.10 or later. For NETGEAR R6220 version 1.1.0.49 and earlier, update to version 1.1.0.50 or later. For NETGEAR WNDR3700v5 version V1.1.0.47 and earlier, update to version V1.1.0.48 or later.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2017-18755

Affected Products

Netgear Dgn2200V4
Netgear Jr6150
Netgear R6050
Netgear R6220
Netgear R6300V2
Netgear R6400V2
Netgear R6700
Netgear R6900P
Netgear R7000P
Netgear R7300
Netgear R8300
Netgear R8500
Netgear Wndr3700V5