CVE-2019-20487Cross-Site Request Forgery in Netgear Wnr1000 Firmware

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 43.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netgear Wnr1000 Firmware
Timeline
PublishedMar 2
Latest updateMay 24

Description

An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or through CSRF), as demonstrated by the setup.cgi?todo=save_htp_account URI.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-q8pv-fm9c-m7xj: An issue was discovered on NETGEAR WNR1000V4 12022-05-24
CVEList
CVE-2019-20487: An issue was discovered on NETGEAR WNR1000V4 12020-03-02
CVE-2019-20487 — Cross-Site Request Forgery in Netgear | cvebase