CVE-2023-1205

Severity
8.8 HIGH
EPSS
0.2%
top 60.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Mar 10

Description

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: netgear_nighthawk_wifi6_router, prior to V1.0.10.94
NVD: netgear/rax30_firmware, < 1.0.10.94

🔴Vulnerability Details

2
CVEList
CVE-2023-1205: NETGEAR Nighthawk WiFi6 Router prior to V1 (2023-03-10)
GHSA
GHSA-7hcp-jmfv-2wvr: NETGEAR Nighthawk WiFi6 Router prior to V1 (2023-03-10)

💥Exploits & PoCs

1
Nuclei
TitanFTP move-file Function ≤ 1.94.1205 - Path Traversal