CVE-2017-18852: Cross-Site Request Forgery in Netgear R7300DST Firmware

Severity
8.8 HIGH (NVD)
EPSS
0.0%
top 89.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 20
Latest update: May 24

Description

Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (4 packages)

NVD: netgear/r8300_firmware < 1.0.2.100_1.0.82
NVD: netgear/r8500_firmware < 1.0.2.100_1.0.82

Vulnerability Details (2)
GHSA
GHSA-pwr4-4q52-jj45: Certain NETGEAR devices are affected by CSRF and authentication bypass (2022-05-24)
CVEList
CVE-2017-18852: Certain NETGEAR devices are affected by CSRF and authentication bypass (2020-04-20)