CVE-2019-20691
HIGHNETGEAR D3600/D6000/EX3700/EX3800/EX6000/EX6100/EX6120/EX6130/EX6150/EX6200/EX7000/WN2500RP CSRF
Title source: llmDescription
Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, and WN2500RPv2 before 1.0.1.54.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.netgear.com/000061448/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Gateways-and-Extenders-PSV-2017-2747
Scores
CVSS v3
8.8
EPSS
0.0021
EPSS Percentile
43.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (12)
netgear/d3600_firmware
< 1.0.0.72
netgear/d6000_firmware
< 1.0.0.72
netgear/ex3700_firmware
< 1.0.0.70
netgear/ex3800_firmware
< 1.0.0.70
netgear/ex6000_firmware
< 1.0.0.30
netgear/ex6100_firmware
< 1.0.2.24
netgear/ex6120_firmware
< 1.0.0.40
netgear/ex6130_firmware
< 1.0.0.22
netgear/ex6150_firmware
< 1.0.0.42
netgear/ex6200_firmware
< 1.0.3.88
... and 2 more
Published
Apr 16, 2020
Tracked Since
Feb 18, 2026