CVE-2018-21120 — Cross-Site Request Forgery in Netgear Wac120 Firmware

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

8.0HIGHNVD

EPSS

0.2%

top 61.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Wac120 Firmware Netgear Wac505 Firmware Netgear Wac510 Firmware +8 more

Timeline

PublishedApr 22

Latest updateMay 24

Description

Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages11 packages

▶NVDnetgear/wn604_firmware< 3.3.10

▶NVDnetgear/wac120_firmware< 2.1.7

▶NVDnetgear/wac505_firmware< 5.0.5.4

▶NVDnetgear/wac510_firmware< 5.0.5.4

▶NVDnetgear/wnd930_firmware< 2.1.5

🔴Vulnerability Details

GHSA

GHSA-vx49-pgjf-xgv6: Certain NETGEAR devices are affected by CSRF↗2022-05-24

▶

CVEList

CVE-2018-21120: Certain NETGEAR devices are affected by CSRF↗2020-04-22

▶