PT-2020-8317 · NetGear · Netgear Wn3000Rpv3+6

Sandeepv

·

Published

2020-04-22

·

Updated

2020-04-27

·

CVE-2017-18768

CVSS v3.1

8.8

High

VectorAC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R
Name of the Vulnerable Software and Affected Versions: NETGEAR EX6100 versions prior to 1.0.2.16 1.1.130 NETGEAR EX6100v2 versions prior to 1.0.1.70 NETGEAR EX6150v2 versions prior to 1.0.1.54 NETGEAR EX6200v2 versions prior to 1.0.1.50 NETGEAR EX6400 versions prior to 1.0.1.60 NETGEAR EX7300 versions prior to 1.0.1.60 NETGEAR WN3000RPv3 versions prior to 1.0.2.44
Description: The issue affects certain NETGEAR devices, making them vulnerable to Cross-Site Request Forgery (CSRF).
Recommendations: For NETGEAR EX6100 versions prior to 1.0.2.16 1.1.130, update to version 1.0.2.16 1.1.130 or later. For NETGEAR EX6100v2 versions prior to 1.0.1.70, update to version 1.0.1.70 or later. For NETGEAR EX6150v2 versions prior to 1.0.1.54, update to version 1.0.1.54 or later. For NETGEAR EX6200v2 versions prior to 1.0.1.50, update to version 1.0.1.50 or later. For NETGEAR EX6400 versions prior to 1.0.1.60, update to version 1.0.1.60 or later. For NETGEAR EX7300 versions prior to 1.0.1.60, update to version 1.0.1.60 or later. For NETGEAR WN3000RPv3 versions prior to 1.0.2.44, update to version 1.0.2.44 or later.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2017-18768

Affected Products

Netgear Ex6100
Netgear Ex6100V2
Netgear Ex6150V2
Netgear Ex6200V2
Netgear Ex6400
Netgear Ex7300
Netgear Wn3000Rpv3