CVE-2019-20691

Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, and WN2500RPv2 before 1.0.1.54.

Published: Apr 16, 2020
Updated: Apr 13, 2023
CVE: CVE-2019-20691
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
netgear / d3600_firmware	-	1.0.0.72
netgear / d6000_firmware	-	1.0.0.72
netgear / ex3700_firmware	-	1.0.0.70
netgear / ex3800_firmware	-	1.0.0.70
netgear / ex6000_firmware	-	1.0.0.30
netgear / ex6100_firmware	-	1.0.2.24
netgear / ex6120_firmware	-	1.0.0.40
netgear / ex6130_firmware	-	1.0.0.22
netgear / ex6150_firmware	-	1.0.0.42
netgear / ex6200_firmware	-	1.0.3.88
netgear / ex7000_firmware	-	1.0.0.66
netgear / wn2500rp_firmware	-	1.0.1.54

https://kb.netgear.com/000061448/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Gateways-and-Extenders-PSV-2017-2747

Vulnerability Database

289,784

CVE-2019-20691