Lucene search

[email protected]CVE-2018-21120

HistoryApr 22, 2020 - 4:15 p.m.

CVE-2018-21120

2020-04-2216:15:11

CWE-352

[email protected]

web.nvd.nist.gov

netgear

csrf

wac120

wac505

wac510

wnap320

wnap210v2

wndap350

wndap360

wndap660

wndap620

wnd930

wn604

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

27.3%

JSON

Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.

Affected configurations

NVD

Node

netgearwac120_firmwareRange<2.1.7

AND

netgearwac120Match-

Node

netgearwac505Match-

AND

netgearwac505_firmwareRange<5.0.5.4

Node

netgearwac510Match-

AND

netgearwac510_firmwareRange<5.0.5.4

Node

netgearwnap320Match-

AND

netgearwnap320_firmwareRange<3.7.11.4

Node

netgearwnap210Matchv2

AND

netgearwnap210_firmwareRange<3.7.11.4

Node

netgearwndap350Match-

AND

netgearwndap350_firmwareRange<3.7.11.4

Node

netgearwndap360Match-

AND

netgearwndap360_firmwareRange<3.7.11.4

Node

netgearwndap660Match-

AND

netgearwndap660_firmwareRange<3.7.11.4

Node

netgearwndap620Match-

AND

netgearwndap620_firmwareRange<2.1.7

Node

netgearwnd930_firmwareRange<2.1.5

AND

netgearwnd930Match-

Node

netgearwn604_firmwareRange<3.3.10

AND

netgearwn604Match-

CPENameOperatorVersion
netgear:wac120_firmwarenetgear wac120 firmwarelt2.1.7

CPE	Name	Operator	Version
netgear:wac120_firmware	netgear wac120 firmware	lt	2.1.7

References

kb.netgear.com/000060238/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0095

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

27.3%

JSON

Related for CVE-2018-21120

prion1 cnvd1 nvd1 cvelist1