CVE-2019-20691

EUVD-2019-11230
Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, and WN2500RPv2 before 1.0.1.54.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
8.3 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AC:L/AV:N/A:L/C:H/I:H/PR:N/S:U/UI:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
netgeard3600_firmware
𝑥
< 1.0.0.72
netgeard6000_firmware
𝑥
< 1.0.0.72
netgearex3700_firmware
𝑥
< 1.0.0.70
netgearex3800_firmware
𝑥
< 1.0.0.70
netgearex6000_firmware
𝑥
< 1.0.0.30
netgearex6100_firmware
𝑥
< 1.0.2.24
netgearex6120_firmware
𝑥
< 1.0.0.40
netgearex6130_firmware
𝑥
< 1.0.0.22
netgearex6150_firmware
𝑥
< 1.0.0.42
netgearex6200_firmware
𝑥
< 1.0.3.88
netgearex7000_firmware
𝑥
< 1.0.0.66
netgearwn2500rp_firmware
𝑥
< 1.0.1.54
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.netgear.com/000061448/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Gateways-and-Extenders-PSV-2017-2747
https://kb.netgear.com/000061448/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Gateways-and-Extenders-PSV-2017-2747