Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-1205

Summary
Assigner-tenable
Assigner Org ID-5ac1ecc2-367a-4d16-a0b2-35d495ddd0be
Published At-10 Mar, 2023 | 00:00
Updated At-28 Feb, 2025 | 16:21
Rejected At-
Credits

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:tenable
Assigner Org ID:5ac1ecc2-367a-4d16-a0b2-35d495ddd0be
Published At:10 Mar, 2023 | 00:00
Updated At:28 Feb, 2025 | 16:21
Rejected At:
▼CVE Numbering Authority (CNA)

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections.

Affected Products
Vendor
n/a
Product
NETGEAR Nighthawk WiFi6 Router
Versions
Affected
  • prior to V1.0.10.94
Problem Types
TypeCWE IDDescription
textN/ACross Site Request Forgery
Type: text
CWE ID: N/A
Description: Cross Site Request Forgery
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tenable.com/security/research/tra-2023-9
N/A
Hyperlink: https://tenable.com/security/research/tra-2023-9
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tenable.com/security/research/tra-2023-9
x_transferred
Hyperlink: https://tenable.com/security/research/tra-2023-9
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vulnreport@tenable.com
Published At:10 Mar, 2023 | 18:15
Updated At:28 Feb, 2025 | 17:15

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
NETGEAR, Inc.
netgear
>>rax30_firmware>>Versions before 1.0.10.94(exclusive)
cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rax30>>-
cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE-352Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-352
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://tenable.com/security/research/tra-2023-9vulnreport@tenable.com
Third Party Advisory
https://tenable.com/security/research/tra-2023-9af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://tenable.com/security/research/tra-2023-9
Source: vulnreport@tenable.com
Resource:
Third Party Advisory
Hyperlink: https://tenable.com/security/research/tra-2023-9
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2251Records found
CVE-2018-21160
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.12% / 31.99%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 21:29
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-readynas_osn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-21102
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.31%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 18:23
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-readynas_os_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18755
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.31%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 16:11
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.4.8, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000P before 1.0.0.86, R6900P before 1.0.0.56, R7300 before 1.0.0.54, R8300 before 1.0.2.106, R8500 before 1.0.2.106, DGN2200v4 before 1.0.0.86, DGND2200Bv4 before 1.0.0.86, R6050 before 1.0.0.86, JR6150 before 1.0.1.10, R6220 before 1.1.0.50, and WNDR3700v5 before V1.1.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgnd2200b_firmwarer8500r7300wndr3700r6700r7300_firmwarer8300_firmwarer6220_firmwarewndr3700_firmwarer6400_firmwarer6900pr6900r7000pr6900p_firmwaredgnd2200bdgn2200_firmwarer8300r8500_firmwarer6900_firmwarer6050_firmwarer6050dgn2200r6220jr6150_firmwarejr6150r6300r6400r6300_firmwarer6700_firmwarer7000p_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18775
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.32%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:44
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7500_firmwarewndr3700wndr4500wnr2000r6100wndr3700_firmwarewndr4300wndr4500_firmwarewnr2000_firmwarer6100_firmwarer7500wndr4300_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18768
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.47%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:36
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects EX6100 before 1.0.2.16_1.1.130, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.50, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, and WN3000RPv3 before 1.0.2.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn3000rp_firmwarewn3000rpex6400_firmwareex6100_firmwareex7300ex7300_firmwareex6400ex6200ex6200_firmwareex6150ex6150_firmwareex6100n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18782
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.33%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:34
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JR6150 before 1.0.1.12, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewnr2020_firmwarewndr3700r6120wnr2020r6220_firmwarepr2000r6080_firmwarejwnr2010r6120_firmwarer6800wnr1000_firmwarer6050pr2000_firmwarer6220r6020r6020_firmwared7000r6080d7000_firmwarer6700wndr3700_firmwarewnr1000r6900d6200_firmwarer6900_firmwarer6050_firmwarewnr2050d6200jr6150_firmwarejr6150wnr2050_firmwarejnr1010r6700_firmwarer6800_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18852
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.03% / 8.37%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 12:42
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8300r7300dst_firmwarer8500_firmwarer8500wndr3400_firmwarer8300_firmwarer7300dstwndr3400n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-35223
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.92%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 17:57
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jgs516pe_firmwaregs116e_firmwaregs116ejgs516pen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18848
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.31%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 15:24
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500_firmwarer8500r7300ac1450r7300_firmwareac1450_firmwarer6300r6300_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18791
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.31%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 18:50
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewnr618d7000wnr2020_firmwarewnr614wnr614_firmwarewndr3700d7000_firmwarewnr2020r6220_firmwarewndr3700_firmwarepr2000wnr1000jwnr2010wnr1000_firmwarer6050_firmwarer6050pr2000_firmwarewnr2050r6220jr6150jr6150_firmwarewnr2050_firmwarejnr1010wnr618_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18742
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.31%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 15:45
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6250 before 1.0.4.12, R6300v2 before 1.0.4.8, R6700 before 1.0.1.16, R6900 before 1.0.1.16, R7300DST before 1.0.0.54, R7900 before 1.0.1.12, R8000 before 1.0.3.32, and R8500 before 1.0.2.74.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500r6700r8000r7900r6900r8500_firmwarer7300dst_firmwarer6900_firmwarer6050_firmwarer6050r7900_firmwarejr6150jr6150_firmwarer6300r7300dstr6300_firmwarer6700_firmwarer6250_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18703
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.31%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 14:08
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3700v5 before 1.1.0.48, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.46, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwared500wn3000rpwnr2020_firmwarewndr3700wnr2020r6220_firmwarepr2000r6080_firmwared7800jwnr2010r6100_firmwarewn3100rp_firmwarewndr4300_firmwared500_firmwared1500r7500_firmwarewnr1000_firmwarewn3100rpr6050pr2000_firmwared6100_firmwarer6220r6020wndr4500r6100r6020_firmwareex6100wn3000rp_firmwared7800_firmwared7000r9000_firmwarer6080d7000_firmwarewndr3700_firmwarewnr1000wndr4500_firmwarewnr2000_firmwareex6150r7500r9000r6050_firmwarer7800wnr2050ex6100_firmwared1500_firmwared6100jr6150_firmwarejr6150wnr2000wnr2050_firmwarewndr4300jnr1010r7800_firmwarejwnr2010_firmwareex6150_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18781
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.31%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:35
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, JR6150 before 1.0.1.12, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewnr2020_firmwarewndr3700r6120wnr2020r6220_firmwarepr2000r6080_firmwarejwnr2010r6120_firmwarer6800wnr1000_firmwarer6050pr2000_firmwarer6220r6020r6020_firmwared7000r6080d7000_firmwarer6700wndr3700_firmwarewnr1000r6900d6200_firmwarer6900_firmwarer6050_firmwarewnr2050d6200jr6150_firmwarejr6150wnr2050_firmwarejnr1010r6700_firmwarer6800_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18842
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.31%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 15:46
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects R7300 before 1.0.0.54, R8500 before 1.0.2.94, DGN2200v1 before 1.0.0.55, and D2200D/D2200DW-1FRNAS before 1.0.0.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgn2200_firmwarer8500_firmwarer8500r7300dgn2200d2200dd2200d_firmwarer7300_firmwared2200dw-1frnas_firmwared2200dw-1frnasn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18749
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.31%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 15:25
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewnr2020_firmwarewndr3700wnr2020r6220_firmwarejwnr2010r6100_firmwarewndr4300_firmwarer7500_firmwarewnr1000_firmwarer6050r6220wndr4500r6100r9000_firmwarewndr3700_firmwarewnr1000wndr4500_firmwarewnr2000_firmwarer9000r7500r6050_firmwarer7800wnr2050jr6150jr6150_firmwarewnr2000wnr2050_firmwarewndr4300jnr1010r7800_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20487
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.54%
||
7 Day CHG~0.00%
Published-02 Mar, 2020 | 15:06
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or through CSRF), as demonstrated by the setup.cgi?todo=save_htp_account URI.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr1000_firmwarewnr1000n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20691
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-0.21% / 43.46%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:26
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, and WN2500RPv2 before 1.0.1.54.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex6130_firmwared6000_firmwareex3800_firmwareex6200ex7000d6000ex6200_firmwareex6150ex3700d3600_firmwareex3800ex6100_firmwareex3700_firmwared3600ex6000wn2500rpwn2500rp_firmwareex7000_firmwareex6120ex6130ex6120_firmwareex6150_firmwareex6000_firmwareex6100n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-6277
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-94.28% / 99.93%
||
7 Day CHG+0.03%
Published-14 Dec, 2016 | 16:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-09-07||Apply updates per vendor instructions.

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6400r7000_firmwarer7100lgr7900_firmwarer8000r6900r8000_firmwared6220r7300dst_firmwarer7000r7300dstr7100lg_firmwared6220_firmwared6400_firmwarer6700r6900_firmwarer6400_firmwarer6250_firmwarer6700_firmwared6400r7900r6250n/aMultiple Routers
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-13395
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 40.17%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 17:24
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cg3700bcg3700b_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-35778
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.55%
||
7 Day CHG~0.00%
Published-29 Dec, 2020 | 23:41
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs724tgs724t_firmwaregs716t_firmwaregs716tn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-26912
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.77%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:31
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6700v2_firmwared7000wnr2020_firmwarer6120r6080r7450_firmwarewnr2020d7000_firmwarer6220_firmwarer6080_firmwarer6900v2r6120_firmwared6200_firmwarer6800r6900v2_firmwarer6050_firmwarer6700v2r6050r7450r6260_firmwarer6260r6220r6020jr6150_firmwared6200jr6150r6020_firmwarer6800_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18708
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.31%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:59
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects R8300 before 1.0.2.94 and R8500 before 1.0.2.94.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8300_firmwarer8300r8500_firmwarer8500n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-14432
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.18% / 40.05%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:33
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-42221
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.64% / 69.72%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-15 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6220_firmwarer6220n/a
CVE-2019-19494
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-70.82% / 98.64%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 12:11
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.

Action-Not Available
Vendor-technicolorcompalsagemcomn/aNETGEAR, Inc.
Product-cg3700emr_firmware7284ef\@st_3686f\@st_3890tc7230_steb_firmwarec6250emr_firmwarec6250emr7486ef\@st_3686_firmwarecg3700emrtc7230_steb7284e_firmware7486e_firmwaref\@st_3890_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2016-11015
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.49%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 00:25
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarejnr1010n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-11055
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.55%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:59
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwared500cm400n450_cg3000d_firmwaredst6501_firmwareplw1000_firmwarecm400_firmwaren450_cg3000dwnr612_firmwareplw1000jwnr2010cm600_firmwared500_firmwared1500jwnr2000t_firmwarejwnr2000tdst6501d1500_firmwareplw1010cm600jnr1010wnr500wnr500_firmwarewnr612plw1010_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-21096
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.05% / 13.98%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 15:56
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnd930_firmwarewnap320_firmwarewndap360wnap320wnd930wndap660_firmwarewndap620_firmwarewndap360_firmwarewac505_firmwarewndap350_firmwarewac120wn604_firmwarewn604wac120_firmwarewac505wac510wac510_firmwarewnap210wndap620wndap660wndap350wnap210_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-21120
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.17% / 38.63%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:12
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnd930_firmwarewnap320_firmwarewndap360wnap320wnd930wndap660_firmwarewndap620_firmwarewndap360_firmwarewac505_firmwarewndap350_firmwarewac120wn604_firmwarewn604wac120_firmwarewac505wac510wac510_firmwarewnap210wndap620wndap660wndap350wnap210_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-32122
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.27%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 23:58
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex3800ex6130_firmwareex3700_firmwareex6120ex3800_firmwareex6130ex6120_firmwareex3700n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-3516
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.28%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 19:30
Updated-06 Aug, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr3500u_firmwarewnr3500uwnr3500l_firmwarewnr3500ln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-6366
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.25% / 47.81%
||
7 Day CHG~0.00%
Published-15 Mar, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgn2200v3dgn2200v1dgn2200_firmwaredgn2200v4dgn2200v2n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18861
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.05% / 16.05%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:53
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-readynas_surveillancen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-14526
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.16% / 37.01%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:50
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entirely bypasses the intended security benefits of the use of a CSRF-protection token.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-mr1100mr1100_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-5641
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.90%
||
7 Day CHG~0.00%
Published-24 Nov, 2020 | 06:55
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-gs108ev3gs108ev3_firmwareGS108Ev3
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-2752
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.18% / 39.65%
||
7 Day CHG~0.00%
Published-12 Dec, 2013 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-raidiatorn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-5621
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.03%
||
7 Day CHG~0.00%
Published-28 Aug, 2020 | 04:05
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors.

Action-Not Available
Vendor-Neuroinformatics Unit, Integrative Computational Brain Science Collaboration Division, RIKEN Center for Brain ScienceNETGEAR, Inc.
Product-gs724tgs724tv3_firmwaregs716tgs716tv2_firmwareMultiple NETGEAR switching hubs
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-3305
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.50% / 64.97%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 21:09
Updated-07 Aug, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.

Action-Not Available
Vendor-pixelpostpixelpost
Product-pixelpostpixelpost
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-15009
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.05% / 14.80%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 08:09
Updated-25 Nov, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenACS bug-tracker Search nav-bar.adp cross-site request forgery

A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is aee43e5714cd8b697355ec3bf83eefee176d3fc3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217440.

Action-Not Available
Vendor-openacsOpenACS
Product-bug-trackerbug-tracker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-38705
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.72% / 71.45%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 19:25
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. This can be exploited to create a secondary administrator account for the attacker.

Action-Not Available
Vendor-cliniccasesn/a
Product-cliniccasesn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-20856
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.49%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 00:00
Updated-27 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vrealize_operationsVMware vRealize Operations (vROps)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-34937
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.73%
||
7 Day CHG~0.00%
Published-03 Aug, 2022 | 00:50
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code.

Action-Not Available
Vendor-yuban/a
Product-u5cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-28195
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.64% / 69.53%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 17:16
Updated-15 Apr, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) vulnerability in API and login in your_spotify

your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the affected YourSpotify instance. Using repeated CSRF attacks, it is also possible to create a new user on the victim instance and promote the new user to instance administrator if a legitimate administrator visits a website prepared by an attacker. Note: Real-world exploitability of this vulnerability depends on the browser version and browser settings in use by the victim. This issue has been addressed in version 1.9.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-yooooomiYooooomiyooooomi
Product-your_spotifyyour_spotifyyour_spotify
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-36569
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.47%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.

Action-Not Available
Vendor-thedaylightstudion/a
Product-fuel_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-3819
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.84%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 12:25
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-firefly-iiifirefly-iii
Product-firefly_iiifirefly-iii/firefly-iii
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-1085
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.07%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 20:51
Updated-06 Aug, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF vulnerability in Smoothwall Express 3.

Action-Not Available
Vendor-smoothwallSmoothwall
Product-smoothwall_expressSmoothwall Express
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27948
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.89%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 18:17
Updated-14 Feb, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Atahualpa Theme <= 3.7.24 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa.This issue affects Atahualpa: from n/a through 3.7.24.

Action-Not Available
Vendor-bytesforallbytesforall
Product-atahualpaAtahualpa
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-6497
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.60%
||
7 Day CHG~0.00%
Published-15 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).

Action-Not Available
Vendor-Micro Focus International Limited
Product-universal_cmbd_servercms_serverUniversal CMDB ServerCMS Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-15005
Matching Score-4
Assigner-Go Project
ShareView Details
Matching Score-4
Assigner-Go Project
CVSS Score-8.8||HIGH
EPSS-0.04% / 8.83%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 21:13
Updated-11 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cryptographically weak random number generation in github.com/dinever/golf

CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.

Action-Not Available
Vendor-golf_projectgithub.com/dinever/golf
Product-golfgithub.com/dinever/golf
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-7746
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.34% / 79.18%
||
7 Day CHG~0.00%
Published-07 Mar, 2018 | 17:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.

Action-Not Available
Vendor-cobubn/a
Product-razorn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 45
  • 46
  • Next
Details not found