{"id": "CVE-2017-18742", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-04-23T16:15:12.570", "references": [{"url": "https://kb.netgear.com/000051513/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2017-0331", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Certain NETGEAR devices are affected by CSRF. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6250 before 1.0.4.12, R6300v2 before 1.0.4.8, R6700 before 1.0.1.16, R6900 before 1.0.1.16, R7300DST before 1.0.0.54, R7900 before 1.0.1.12, R8000 before 1.0.3.32, and R8500 before 1.0.2.74."}, {"lang": "es", "value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una vulnerabilidad de tipo CSRF. Esto afecta a JR6150 versiones anteriores a 1.0.1.10, R6050 versiones anteriores a 1.0.1.10, R6250 versiones anteriores a 1.0.4.12, R6300v2 versiones anteriores a 1.0.4.8, R6700 versiones anteriores a 1.0.1.16, R6900 versiones anteriores a 1.0.1.16, R7300DST versiones anteriores a 1.0.0.54, R7900 versiones anteriores a 1.0.1.12, R8000 versiones anteriores a 1.0.3.32 y R8500 versiones anteriores a 1.0.2.74."}], "lastModified": "2020-04-27T13:38:17.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B5D8AD4-6C67-4DC7-99DF-B29DBA4BC376", "versionEndExcluding": "1.0.1.10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D67167E5-81D2-4892-AF41-CBB6271232D1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB4D669D-D6C4-403E-896D-55EE4EEB7C27", "versionEndExcluding": "1.0.1.10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "363D4DEE-98B9-4294-B241-1613CAD1A3A7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3464F16-A6EB-47C0-B2B5-54E86743DC70", "versionEndExcluding": "1.0.4.12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "321BE843-52C4-4638-A321-439CA7B3A6F2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8097CEE-2577-4C44-9260-8B2DD2D2CA78", "versionEndExcluding": "1.0.4.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10938043-F7DF-42C3-8C16-F92CAF8E5576"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A08B1CF-6BDA-4D50-9146-2B580593FBAD", "versionEndExcluding": "1.0.1.16"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "21B27F11-4262-4CE1-8107-B365A7C152F2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B3C16D1-4124-4CBB-8717-738E13C25C47", "versionEndExcluding": "1.0.1.16"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0EE8EBA-C4CD-4CA1-A684-54338B1254A9", "versionEndExcluding": "1.0.0.54"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C75148EB-DE6C-4C5C-BF34-4800A66CF11C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59C6F6E4-C411-486E-BDBF-75F0ABEF5112", "versionEndExcluding": "1.0.1.12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F30C70DD-52EE-49C1-89B7-0D579B5090D7", "versionEndExcluding": "1.0.3.32"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC34CE8E-8DB9-4A15-80D8-EB663482A892", "versionEndExcluding": "1.0.2.74"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}
