CVE-2017-18749

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
8.8HIGH
EPSS
0.2%
top 56.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
16
Netgear Jnr1010 FirmwareNetgear Jr6150 FirmwareNetgear Jwnr2010 Firmware+13 more
Timeline
PublishedApr 23
Latest updateMay 24

Description

Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR202

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages16 packages

NVDnetgear/r6050_firmware< 1.0.1.10
NVDnetgear/r6100_firmware< 1.0.1.16
NVDnetgear/r6220_firmware< 1.1.0.50
NVDnetgear/r7500_firmware< 1.0.0.112+1
NVDnetgear/r7800_firmware< 1.0.2.36

🔴Vulnerability Details

2
GHSA
GHSA-276m-rj9p-m5q8: Certain NETGEAR devices are affected by CSRF2022-05-24
CVEList
CVE-2017-18749: Certain NETGEAR devices are affected by CSRF2020-04-23
CVE-2017-18749 (HIGH CVSS 8.8) | Certain NETGEAR devices are affecte | cvebase.io