Search criteria
1 vulnerability by Netgear Japan G.K.
CVE-2020-5641 (GCVE-0-2020-5641)
Vulnerability from cvelistv5 – Published: 2020-11-24 06:55 – Updated: 2024-08-04 08:39
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netgear Japan G.K. | GS108Ev3 |
Affected:
Firmware version 2.06.10 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN27806339/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GS108Ev3",
"vendor": "Netgear Japan G.K.",
"versions": [
{
"status": "affected",
"version": "Firmware version 2.06.10 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product\u0027s settings may be changed without the user\u0027s intention or consent via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-24T06:55:22",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN27806339/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GS108Ev3",
"version": {
"version_data": [
{
"version_value": "Firmware version 2.06.10 and earlier"
}
]
}
}
]
},
"vendor_name": "Netgear Japan G.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product\u0027s settings may be changed without the user\u0027s intention or consent via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14",
"refsource": "MISC",
"url": "https://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14"
},
{
"name": "https://jvn.jp/en/jp/JVN27806339/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN27806339/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5641",
"datePublished": "2020-11-24T06:55:22",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}