CVE-2017-18781

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
8.8HIGH
EPSS
0.2%
top 56.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
18
Netgear D6200 FirmwareNetgear D7000 FirmwareNetgear Jnr1010 Firmware+15 more
Timeline
PublishedApr 22
Latest updateMay 24

Description

Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, JR6150 before 1.0.1.12, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages18 packages

NVDnetgear/d6200_firmware< 1.1.00.24
NVDnetgear/d7000_firmware< 1.0.1.52
NVDnetgear/r6020_firmware< 1.0.0.26
NVDnetgear/r6050_firmware< 1.0.1.12
NVDnetgear/r6080_firmware< 1.0.0.26

🔴Vulnerability Details

2
GHSA
GHSA-jv8c-vh95-8c34: Certain NETGEAR devices are affected by CSRF2022-05-24
CVEList
CVE-2017-18781: Certain NETGEAR devices are affected by CSRF2020-04-22
CVE-2017-18781 (HIGH CVSS 8.8) | Certain NETGEAR devices are affecte | cvebase.io