CVE-2016-11055
MEDIUMNETGEAR Multiple Devices < 2017-01-11 - Cross-Site Request Forgery
Title source: llmDescription
Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.netgear.com/30114/NETGEAR-Product-Vulnerability-Advisory-CSRF-LocalFile-XSS
Scores
CVSS v3
4.3
EPSS
0.0016
EPSS Percentile
37.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-352
Status
published
Products (13)
netgear/cm400_firmware
< 2017-01-11
netgear/cm600_firmware
< 2017-01-11
netgear/d1500_firmware
< 1.0.0.20
netgear/d500_firmware
< 2017-01-11
netgear/dst6501_firmware
< 1.0.0.36
netgear/jnr1010_firmware
< 2017-01-11
netgear/jwnr2000t_firmware
< 2017-01-11
netgear/jwnr2010_firmware
< 2017-01-11
netgear/n450_cg3000d_firmware
< 2017-01-11
netgear/plw1000_firmware
< 1.0.0.22
... and 3 more
Published
Apr 28, 2020
Tracked Since
Feb 18, 2026