FKIE_CVE-2018-21096

Vulnerability from fkie_nvd - Published: 2020-04-27 16:15 - Updated: 2024-11-21 04:02
Severity ?
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.
References
cve@mitre.orghttps://kb.netgear.com/000060455/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0096Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.netgear.com/000060455/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0096Vendor Advisory
Impacted products
Vendor Product Version
netgear wac120_firmware *
netgear wac120 -
netgear wac505_firmware *
netgear wac505 -
netgear wac510_firmware *
netgear wac510 -
netgear wnap320_firmware *
netgear wnap320 -
netgear wnap210_firmware *
netgear wnap210 v2
netgear wndap350_firmware *
netgear wndap350 -
netgear wndap360_firmware *
netgear wndap360 -
netgear wndap660_firmware *
netgear wndap660 -
netgear wndap620_firmware *
netgear wndap620 -
netgear wnd930_firmware *
netgear wnd930 -
netgear wn604_firmware *
netgear wn604 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED872A8-5B73-406B-8044-B1BD50A881EA",
              "versionEndExcluding": "2.1.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E5414D-8F4F-4E21-B79F-61B14F0C9990",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E3819D8-D7C6-4491-BCCC-C6ED67C815DF",
              "versionEndExcluding": "5.0.5.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wac505:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A51431E-AD34-4129-8E99-0A6BB8B7DF07",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "755E4AE7-BAC6-4526-B6F4-320CE8D319A6",
              "versionEndExcluding": "5.0.5.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1B759-5015-4489-A2B4-0F580E884868",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFC83243-B576-43FA-9339-90FF51DA75B6",
              "versionEndExcluding": "3.7.11.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A66070C-92C0-45CD-A46F-64008E3D2268",
              "versionEndExcluding": "3.7.11.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B442489B-A88F-477C-A835-2081891A15CE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A80C76F-0F02-43E7-87D3-FCC0898B99B8",
              "versionEndExcluding": "3.7.11.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C82A16C2-DC48-4792-A4C7-8AC43F84196D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9BBA36-7705-4829-BD87-2B505E380C3B",
              "versionEndExcluding": "3.7.11.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7975D6EC-1816-4D52-8C87-77C1B6404120",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24DDCC0-D625-4810-A7E7-4AAC705F034E",
              "versionEndExcluding": "3.7.11.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58D2492E-0CDC-4242-9206-7F0453B11CBD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "992B6FDF-8FC7-4ACF-BCB2-73C8D91ABB80",
              "versionEndExcluding": "2.1.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "666A5E55-B07C-4615-A9F0-5CA8C7D40637",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A282C49C-684B-4722-A6AC-CF2131F572A3",
              "versionEndExcluding": "2.1.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91593610-E45D-450B-AD40-74375DA37EF6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "918C4D1C-A684-47AD-AA42-926715D8568A",
              "versionEndExcluding": "3.3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD31DCAA-BAA5-4463-9EA4-A7076A625407",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10."
    },
    {
      "lang": "es",
      "value": "Determinados dispositivos de NETGEAR est\u00e1n afectados por una vulnerabilidad de tipo CSRF. Esto afecta a WAC120 versiones anteriores a 2.1.7, WAC505 versiones anteriores a 5.0.5.4, WAC510 versiones anteriores a 5.0.5.4, WNAP320 versiones anteriores a 3.7.11.4, WNAP210v2 versiones anteriores a 3.7.11. 4, WNDAP350 versiones anteriores a 3.7.11.4, WNDAP360 versiones anteriores a 3.7.11.4, WNDAP660 versiones anteriores a 3.7.11.4, WNDAP620 versiones anteriores a 2.1.7, WND930 versiones anteriores a 2.1.5, y WN604 versiones anteriores a 3.3.10."
    }
  ],
  "id": "CVE-2018-21096",
  "lastModified": "2024-11-21T04:02:53.510",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 3.6,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-27T16:15:12.663",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000060455/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000060455/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0096"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.