Overview
- Description
- Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors.
- Source
- vultures@jpcert.or.jp
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-352
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs716t:v2:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5B93D08F-4C7B-4DE6-A72A-5AAAC3E42F29"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs716tv2_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E282109-F38D-4D61-9B18-B4CBB6CC91B8",
"versionEndIncluding": "5.4.2.30"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs724t:v3:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "15240AAD-9CDF-4E78-A43D-0AD0A21F0A05"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs724tv3_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A4BD1ED-C45A-4308-B906-DA5359F49C7A",
"versionEndIncluding": "5.4.2.30"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]