Cross-Site Request Forgery Vulnerability in NETGEAR Routers
CVE-2020-26912

7.5HIGH

Key Information:

Vendor: Netgear
Status: D6200 Firmware
Vendor: CVE Published:; 9 October 2020

Summary

NETGEAR routers are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability, which can allow unauthorized actions to be performed on behalf of an authenticated user. If exploited, an attacker could manipulate the device settings without user consent. This vulnerability impacts various models of NETGEAR routers, and users are advised to apply the latest firmware updates to mitigate the risks associated with this security issue.

References

https://kb.netgear.com/000062341/Security-Advisory-for-Cr...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 9, 2020
Vulnerability Reserved
Oct 9, 2020