Vulnerability Details : CVE-2020-5621
Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allows remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2020-5621
- cpe:2.3:o:netgear:gs716tv2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:gs724tv3_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-5621
- 0.20%: Probability of exploitation activity in the next 30 days
- ~ 57%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-5621
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST | |
CWE ids for CVE-2020-5621
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-5621
- http://jvn.jp/en/jp/JVN29903998/index.html
  JVN#29903998: Multiple NETGEAR switching hubs vulnerable to cross-site request forgery (Third Party Advisory)
- https://jvn.jp/en/jp/JVN29903998/index.html
  JVN#29903998: Multiple NETGEAR switching hubs vulnerable to cross-site request forgery (Third Party Advisory)
- https://www.netgear.com/support/product/gs724tv3.aspx
  GS724Tv3 | Product | Support | NETGEAR (Patch; Vendor Advisory)
- https://www.netgear.com/support/product/gs716Tv2.aspx
  GS716Tv2 | Product | Support | NETGEAR (Patch; Vendor Advisory)