var-202004-1556
Vulnerability from variot
Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1556",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wac505",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac510",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.3.10"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.5"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wac505",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.5"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap210v2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "3.7.11.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:wac120_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wac505_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wac510_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wnap210_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wnap320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wnd930_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndap350_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndap360_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndap620_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndap660_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
}
]
},
"cve": "CVE-2018-21120",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CVE-2018-21120",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-016301",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2021-59162",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2018-21120",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.5,
"id": "CVE-2018-21120",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-016301",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-21120",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2018-21120",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2018-016301",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-59162",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1917",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "CNVD",
"id": "CNVD-2021-59162"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-21120",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-59162",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
}
]
},
"id": "VAR-202004-1556",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
}
],
"trust": 1.065498345
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
}
]
},
"last_update_date": "2024-11-23T22:48:01.387000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Cross Site Request Forgery on Some Wireless Access Points, PSV-2018-0095",
"trust": 0.8,
"url": "https://kb.netgear.com/000060238/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0095"
},
{
"title": "Patch for Cross-site request forgery vulnerability in multiple NETGEAR products (CNVD-2021-59162)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/284356"
},
{
"title": "Multiple NETGEAR Repair measures for product cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117250"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-21120"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000060238/security-advisory-for-cross-site-request-forgery-on-some-wireless-access-points-psv-2018-0095"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21120"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"date": "2020-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1917"
},
{
"date": "2020-04-22T16:15:11.903000",
"db": "NVD",
"id": "CVE-2018-21120"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"date": "2020-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1917"
},
{
"date": "2024-11-21T04:02:56.987000",
"db": "NVD",
"id": "CVE-2018-21120"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Cross-site request forgery vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.