CVE-2020-5621

EUVD-2020-26782
Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
netgeargs716tv2_firmware
𝑥
≤ 5.4.2.30
netgeargs724tv3_firmware
𝑥
≤ 5.4.2.30
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN29903998/index.html
https://jvn.jp/en/jp/JVN29903998/index.html
https://www.netgear.com/support/product/gs716Tv2.aspx
https://www.netgear.com/support/product/gs724tv3.aspx
http://jvn.jp/en/jp/JVN29903998/index.html
https://jvn.jp/en/jp/JVN29903998/index.html
https://www.netgear.com/support/product/gs716Tv2.aspx
https://www.netgear.com/support/product/gs724tv3.aspx