CVE-2020-5641

Published: Nov 24, 2020Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors.

Affected (1)

Products: Netgear: Gs108ev3 Firmware

1 product

Gs108ev3 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs108ev3 Firmware	Up to 2.06.10

Running on/with	Platform Versions
Netgear Gs108ev3	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://jvn.jp/en/jp/JVN27806339/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN27806339/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.