ID

VAR-202108-1762


CVE

CVE-2021-32122


TITLE

Netgear NETGEAR Cross-site request forgery vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202108-965

DESCRIPTION

Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44.

Trust: 0.99

sources: NVD: CVE-2021-32122 // VULMON: CVE-2021-32122

AFFECTED PRODUCTS

vendor: netgear, model: ex6130, scope: lt, version: 1.0.0.44

Trust: 1.0

vendor: netgear, model: ex3800, scope: lt, version: 1.0.0.90

Trust: 1.0

vendor: netgear, model: ex3700, scope: lt, version: 1.0.0.90

Trust: 1.0

vendor: netgear, model: ex6120, scope: lt, version: 1.0.0.64

Trust: 1.0

sources: NVD: CVE-2021-32122

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-32122
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2021-32122
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202108-965
value: HIGH

Trust: 0.6

VULMON: CVE-2021-32122
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-32122
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2021-32122
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2021-32122
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2021-32122 // CNNVD: CNNVD-202108-965 // NVD: CVE-2021-32122 // NVD: CVE-2021-32122

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.0

sources: NVD: CVE-2021-32122

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202108-965

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202108-965

PATCH

title: Netgear NETGEAR Fixes for cross-site request forgery vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159359

Trust: 0.6

sources: CNNVD: CNNVD-202108-965

EXTERNAL IDS

db: NVD, id: CVE-2021-32122

Trust: 1.7

db: CNNVD, id: CNNVD-202108-965

Trust: 0.6

db: VULMON, id: CVE-2021-32122

Trust: 0.1

sources: VULMON: CVE-2021-32122 // CNNVD: CNNVD-202108-965 // NVD: CVE-2021-32122

REFERENCES

url:https://kb.netgear.com/000063883/security-advisory-for-cross-site-request-forgery-on-some-extenders-psv-2021-0102

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-32122

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/352.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-32122 // CNNVD: CNNVD-202108-965 // NVD: CVE-2021-32122

SOURCES

db: VULMON, id: CVE-2021-32122
db: CNNVD, id: CNNVD-202108-965
db: NVD, id: CVE-2021-32122

LAST UPDATE DATE

2024-08-14T14:18:23.083000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-32122, date: 2021-08-19T00:00:00
db: CNNVD, id: CNNVD-202108-965, date: 2021-08-20T00:00:00
db: NVD, id: CVE-2021-32122, date: 2021-08-19T17:02:50.567

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-32122, date: 2021-08-11T00:00:00
db: CNNVD, id: CNNVD-202108-965, date: 2021-08-10T00:00:00
db: NVD, id: CVE-2021-32122, date: 2021-08-11T00:15:07.527