CVE-2018-21120 - OpenCVE

Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Netgear	Wnap210 Firmware Wac510 Firmware Wndap350 Wndap660 Wac505 Wndap360 Firmware Wndap350 Firmware Wac120 Wac505 Firmware Wac120 Firmware Wnap210 Wn604 Firmware Wndap360 Wnap320 Firmware Wndap620 Wndap620 Firmware Wnap320 Wndap660 Firmware Wnd930 Wnd930 Firmware Wac510 Wn604

Configuration 1 [-]

AND

cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wac505:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*

References

Link	Resource
https://kb.netgear.com/000060238/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0095	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-04-22T15:12:18

Updated: 2020-04-22T15:12:18

Reserved: 2020-04-20T00:00:00

Link: CVE-2018-21120

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-04-22T16:15:11.903

Modified: 2020-04-24T19:59:43.087

Link: CVE-2018-21120

JSON object: View

Redhat Information

No data.

CWE

CWE-352