← Volver a CVEs
CVE-2018-21120
HIGH8.0
Descripcion
Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.
Detalles CVE
Puntuacion CVSS v3.18.0
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado4/22/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
netgear:wac120netgear:wac120_firmwarenetgear:wac505netgear:wac505_firmwarenetgear:wac510netgear:wac510_firmwarenetgear:wn604netgear:wn604_firmwarenetgear:wnap210netgear:wnap210_firmwarenetgear:wnap320netgear:wnap320_firmwarenetgear:wnd930netgear:wnd930_firmwarenetgear:wndap350netgear:wndap350_firmwarenetgear:wndap360netgear:wndap360_firmwarenetgear:wndap620netgear:wndap620_firmwarenetgear:wndap660netgear:wndap660_firmware
Debilidades (CWE)
CWE-352
Referencias
https://kb.netgear.com/000060238/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0095(cve@mitre.org)
https://kb.netgear.com/000060238/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0095(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.