CVE-2017-18768

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
8.8HIGH
EPSS
0.3%
top 50.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Netgear Ex6100 FirmwareNetgear Ex6150 FirmwareNetgear Ex6200 Firmware+3 more
Timeline
PublishedApr 22
Latest updateMay 24

Description

Certain NETGEAR devices are affected by CSRF. This affects EX6100 before 1.0.2.16_1.1.130, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.50, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, and WN3000RPv3 before 1.0.2.44.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

NVDnetgear/ex6100_firmware< 1.0.2.16_1.1.130+1
NVDnetgear/ex6400_firmware< 1.0.1.60
NVDnetgear/ex7300_firmware< 1.0.1.60
NVDnetgear/ex6150_firmware< 1.0.1.54
NVDnetgear/ex6200_firmware< 1.0.1.50

🔴Vulnerability Details

2
GHSA
GHSA-q43f-hqc8-97vg: Certain NETGEAR devices are affected by CSRF2022-05-24
CVEList
CVE-2017-18768: Certain NETGEAR devices are affected by CSRF2020-04-22
CVE-2017-18768 (HIGH CVSS 8.8) | Certain NETGEAR devices are affecte | cvebase.io