Japan Vulnerability Notes: JVN:29903998
Aug 28, 2020 - 12:00 a.m.

JVN#29903998: Multiple NETGEAR switching hubs vulnerable to cross-site request forgery

jvn.jp
CVSS2: 4.3 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 4.3 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS: 0.002 Low (Percentile: 57.5%)

GS716Tv2 and GS724Tv3 switching hubs provided by NETGEAR contain a cross-site request forgery vulnerability.

Impact

If a user views a malicious page while logged in to the management screen, the product’s settings may be changed unintentionally.

Solution

Apply a workaround
Applying the following workaround may mitigate the impacts of this vulnerability.

  • Set the IP address of the product in a different network from the one used for the user port

Stop using the products
GS716Tv2 and GS724Tv3 are no longer supported. Stop using the products and consider switching to alternative products.
NETGEAR offers GS716Tv3 (GS716T-300AJS) and GS724Tv4 (GS724T-400AJS) as successors to GS716Tv2 and GS724Tv3.

Products Affected

  • GS716Tv2 Firmware version 5.4.2.30 and earlier
  • GS724Tv3 Firmware version 5.4.2.30 and earlier
