Description
Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors.
References (4)
Core 4
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.netgear.com/support/product/gs716Tv2.aspx
Patch, Vendor Advisory x_refsource_misc
https://www.netgear.com/support/product/gs724tv3.aspx
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN29903998/index.html
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN29903998/index.html
Scores
CVSS v3
4.3
EPSS
0.0016
EPSS Percentile
36.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-352
Status
published
Products (2)
netgear/gs716tv2_firmware
< 5.4.2.30
netgear/gs724tv3_firmware
< 5.4.2.30
Published
Aug 28, 2020
Tracked Since
Feb 18, 2026