CVE-2019-20691

Published: Apr 16, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, and WN2500RPv2 before 1.0.1.54.

Affected (12)

Products: Netgear: D3600 Firmware, D6000 Firmware, Ex3700 Firmware, Ex3800 Firmware, Ex6000 Firmware, Ex6100 Firmware, Ex6120 Firmware, Ex6130 Firmware, Ex6150 Firmware, Ex6200 Firmware, Ex7000 Firmware, Wn2500rp Firmware

12 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D3600 Firmware	Before 1.0.0.72

Running on/with	Platform Versions
Netgear D3600	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D6000 Firmware	Before 1.0.0.72

Running on/with	Platform Versions
Netgear D6000	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex3700 Firmware	Before 1.0.0.70

Running on/with	Platform Versions
Netgear Ex3700	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex3800 Firmware	Before 1.0.0.70

Running on/with	Platform Versions
Netgear Ex3800	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6000 Firmware	Before 1.0.0.30

Running on/with	Platform Versions
Netgear Ex6000	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6100 Firmware	Before 1.0.2.24

Running on/with	Platform Versions
Netgear Ex6100	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6120 Firmware	Before 1.0.0.40

Running on/with	Platform Versions
Netgear Ex6120	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6130 Firmware	Before 1.0.0.22

Running on/with	Platform Versions
Netgear Ex6130	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6150 Firmware	Before 1.0.0.42

Running on/with	Platform Versions
Netgear Ex6150	Version v1

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6200 Firmware	Before 1.0.3.88

Running on/with	Platform Versions
Netgear Ex6200	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex7000 Firmware	Before 1.0.0.66

Running on/with	Platform Versions
Netgear Ex7000	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wn2500rp Firmware	Before 1.0.1.54

Running on/with	Platform Versions
Netgear Wn2500rp	Version v2

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://kb.netgear.com/000061448/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Gateways-and-Extenders-PSV-2017-2747

Source: cve@mitre.org

Vendor Advisory

https://kb.netgear.com/000061448/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Gateways-and-Extenders-PSV-2017-2747

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.