Details of VAR-202004-1532

ID

VAR-202004-1532

CVE

CVE-2018-21096

TITLE

plural NETGEAR Cross-site request forgery vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2018-016402

DESCRIPTION

Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects WAC120 prior to 2.1.7, WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, WND930 prior to 2.1.5, and WN604 prior to 3.3.10

Trust: 1.71

sources: NVD: CVE-2018-21096 // JVNDB: JVNDB-2018-016402 // VULMON: CVE-2018-21096

AFFECTED PRODUCTS

vendor:	netgear	model:	wnd930	scope:	lt	version:	2.1.5	Trust: 1.0
vendor:	netgear	model:	wn604	scope:	lt	version:	3.3.10	Trust: 1.0
vendor:	netgear	model:	wac510	scope:	lt	version:	5.0.5.4	Trust: 1.0
vendor:	netgear	model:	wndap350	scope:	lt	version:	3.7.11.4	Trust: 1.0
vendor:	netgear	model:	wac505	scope:	lt	version:	5.0.5.4	Trust: 1.0
vendor:	netgear	model:	wnap320	scope:	lt	version:	3.7.11.4	Trust: 1.0
vendor:	netgear	model:	wndap660	scope:	lt	version:	3.7.11.4	Trust: 1.0
vendor:	netgear	model:	wndap620	scope:	lt	version:	2.1.7	Trust: 1.0
vendor:	netgear	model:	wnap210	scope:	lt	version:	3.7.11.4	Trust: 1.0
vendor:	netgear	model:	wndap360	scope:	lt	version:	3.7.11.4	Trust: 1.0
vendor:	netgear	model:	wac120	scope:	lt	version:	2.1.7	Trust: 1.0
vendor:	netgear	model:	wac120	scope:	eq	version:	2.1.7	Trust: 0.8
vendor:	netgear	model:	wac505	scope:	eq	version:	5.0.5.4	Trust: 0.8
vendor:	netgear	model:	wac510	scope:	eq	version:	5.0.5.4	Trust: 0.8
vendor:	netgear	model:	wnap210	scope:	eq	version:	3.7.11.4	Trust: 0.8
vendor:	netgear	model:	wnap320	scope:	eq	version:	3.7.11.4	Trust: 0.8
vendor:	netgear	model:	wnd930	scope:	eq	version:	2.1.5	Trust: 0.8
vendor:	netgear	model:	wndap350	scope:	eq	version:	3.7.11.4	Trust: 0.8
vendor:	netgear	model:	wndap360	scope:	eq	version:	3.7.11.4	Trust: 0.8
vendor:	netgear	model:	wndap620	scope:	eq	version:	2.1.7	Trust: 0.8
vendor:	netgear	model:	wndap660	scope:	eq	version:	3.7.11.4	Trust: 0.8
vendor:	netgear	model:	wac120	scope:	eq	version:	2.0.7	Trust: 0.1
vendor:	netgear	model:	wac120	scope:	eq	version:	2.1.4	Trust: 0.1
vendor:	netgear	model:	wac505	scope:	eq	version:	5.0.0.17	Trust: 0.1
vendor:	netgear	model:	wac510	scope:	eq	version:	1.3.0.10	Trust: 0.1
vendor:	netgear	model:	wac510	scope:	eq	version:	5.0.0.17	Trust: 0.1
vendor:	netgear	model:	wn604	scope:	eq	version:	3.3.3	Trust: 0.1
vendor:	netgear	model:	wn604	scope:	eq	version:	3.3.7	Trust: 0.1
vendor:	netgear	model:	wnap210	scope:	eq	version:	3.5.20.0	Trust: 0.1
vendor:	netgear	model:	wnap210	scope:	eq	version:	3.7.4.0	Trust: 0.1
vendor:	netgear	model:	wnap320	scope:	eq	version:	3.5.20.0	Trust: 0.1
vendor:	netgear	model:	wnap320	scope:	eq	version:	3.7.4.0	Trust: 0.1
vendor:	netgear	model:	wnd930	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	wnd930	scope:	eq	version:	2.0.11	Trust: 0.1
vendor:	netgear	model:	wnd930	scope:	eq	version:	2.1.2	Trust: 0.1
vendor:	netgear	model:	wndap350	scope:	eq	version:	3.5.20.0	Trust: 0.1
vendor:	netgear	model:	wndap350	scope:	eq	version:	3.7.4.0	Trust: 0.1
vendor:	netgear	model:	wndap360	scope:	eq	version:	3.5.20.0	Trust: 0.1
vendor:	netgear	model:	wndap360	scope:	eq	version:	3.7.4.0	Trust: 0.1
vendor:	netgear	model:	wndap620	scope:	eq	version:	2.0.11	Trust: 0.1
vendor:	netgear	model:	wndap620	scope:	eq	version:	2.1.3	Trust: 0.1
vendor:	netgear	model:	wndap660	scope:	eq	version:	3.5.20.0	Trust: 0.1
vendor:	netgear	model:	wndap660	scope:	eq	version:	3.7.4.0	Trust: 0.1

sources: VULMON: CVE-2018-21096 // JVNDB: JVNDB-2018-016402 // NVD: CVE-2018-21096

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-21096
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2018-21096
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2018-016402
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202004-2185
value:	HIGH
Trust: 0.6
VULMON:	CVE-2018-21096
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-21096
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:A/AC:M/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2018-016402
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:A/AC:M/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2018-21096
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.5
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2018-21096
baseSeverity:	MEDIUM
baseScore:	5.2
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.5
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	JVNDB-2018-016402
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2018-21096 // JVNDB: JVNDB-2018-016402 // CNNVD: CNNVD-202004-2185 // NVD: CVE-2018-21096 // NVD: CVE-2018-21096

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2018-016402 // NVD: CVE-2018-21096

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2185

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202004-2185

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016402

PATCH

title:	Security Advisory for Cross Site Request Forgery on Some Wireless Access Points, PSV-2018-0096	url:	https://kb.netgear.com/000060455/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0096	Trust: 0.8
title:	Multiple NETGEAR Repair measures for product cross-site request forgery vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117708	Trust: 0.6

sources: JVNDB: JVNDB-2018-016402 // CNNVD: CNNVD-202004-2185

EXTERNAL IDS

db:	NVD	id:	CVE-2018-21096	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-016402	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-2185	Trust: 0.6
db:	VULMON	id:	CVE-2018-21096	Trust: 0.1

sources: VULMON: CVE-2018-21096 // JVNDB: JVNDB-2018-016402 // CNNVD: CNNVD-202004-2185 // NVD: CVE-2018-21096

REFERENCES

url:	https://kb.netgear.com/000060455/security-advisory-for-cross-site-request-forgery-on-some-wireless-access-points-psv-2018-0096	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-21096	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21096	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/352.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2018-21096 // JVNDB: JVNDB-2018-016402 // CNNVD: CNNVD-202004-2185 // NVD: CVE-2018-21096

SOURCES

db:	VULMON	id:	CVE-2018-21096
db:	JVNDB	id:	JVNDB-2018-016402
db:	CNNVD	id:	CNNVD-202004-2185
db:	NVD	id:	CVE-2018-21096

LAST UPDATE DATE

2024-11-23T22:37:24.872000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2018-21096	date:	2020-05-04T00:00:00
db:	JVNDB	id:	JVNDB-2018-016402	date:	2020-06-02T00:00:00
db:	CNNVD	id:	CNNVD-202004-2185	date:	2020-05-06T00:00:00
db:	NVD	id:	CVE-2018-21096	date:	2024-11-21T04:02:53.510

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2018-21096	date:	2020-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2018-016402	date:	2020-06-02T00:00:00
db:	CNNVD	id:	CNNVD-202004-2185	date:	2020-04-27T00:00:00
db:	NVD	id:	CVE-2018-21096	date:	2020-04-27T16:15:12.663