ID

VAR-202008-0997


CVE

CVE-2020-5621


TITLE

Cross-site request forgery vulnerability in multiple NETGEAR switching hubs

Trust: 0.8

sources: JVNDB: JVNDB-2020-000056

DESCRIPTION

A cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 firmware version 5.4.2.30 and earlier, and GS724Tv3 firmware version 5.4.2.30 and earlier) allows remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors. The NETGEAR switching hubs GS716Tv2 and GS724Tv3 contain a cross-site request forgery vulnerability (CWE-352). This vulnerability was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Mr. Reii Yano. If a user who is logged in to the management screen of the product accesses a specially crafted page, the settings of the product may be changed unintentionally.

Trust: 1.62

sources: NVD: CVE-2020-5621 // JVNDB: JVNDB-2020-000056

AFFECTED PRODUCTS

vendor: netgear, model: gs716tv2, scope: lte, version: 5.4.2.30

Trust: 1.0

vendor: netgear, model: gs724tv3, scope: lte, version: 5.4.2.30

Trust: 1.0

vendor: netgear, model: gs716tv2, scope: eq, version: firmware version 5.4.2.30

Trust: 0.8

vendor: netgear, model: gs724tv3, scope: eq, version: firmware version 5.4.2.30

Trust: 0.8

sources: JVNDB: JVNDB-2020-000056 // NVD: CVE-2020-5621

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5621
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2020-000056
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-1409
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-5621
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2020-000056
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-5621
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

IPA: JVNDB-2020-000056
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-000056 // CNNVD: CNNVD-202008-1409 // NVD: CVE-2020-5621

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2020-000056 // NVD: CVE-2020-5621

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-1409

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202008-1409

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-000056

PATCH

title: GS716Tv2, url: https://www.jp.netgear.com/support/product/gs716tv2.aspx

Trust: 0.8

title: GS724Tv3, url: https://www.jp.netgear.com/support/product/gs724tv3.aspx

Trust: 0.8

title: GS716Tv2 Firmware CSRF Vulnerability fixes, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127526

Trust: 0.6

sources: JVNDB: JVNDB-2020-000056 // CNNVD: CNNVD-202008-1409

EXTERNAL IDS

db: JVN, id: JVN29903998

Trust: 2.4

db: NVD, id: CVE-2020-5621

Trust: 2.4

db: JVNDB, id: JVNDB-2020-000056

Trust: 1.4

db: CNNVD, id: CNNVD-202008-1409

Trust: 0.6

sources: JVNDB: JVNDB-2020-000056 // CNNVD: CNNVD-202008-1409 // NVD: CVE-2020-5621

REFERENCES

url:https://jvn.jp/en/jp/jvn29903998/index.html

Trust: 3.2

url:https://www.netgear.com/support/product/gs716tv2.aspx

Trust: 1.6

url:https://www.netgear.com/support/product/gs724tv3.aspx

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5621

Trust: 0.8

url:https://jvn.jp/jp/jvn29903998/index.html

Trust: 0.8

url:https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000056.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-5621

Trust: 0.6

sources: JVNDB: JVNDB-2020-000056 // CNNVD: CNNVD-202008-1409 // NVD: CVE-2020-5621

SOURCES

db: JVNDB, id: JVNDB-2020-000056
db: CNNVD, id: CNNVD-202008-1409
db: NVD, id: CVE-2020-5621

LAST UPDATE DATE

2024-11-23T22:11:24.283000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-000056, date: 2020-08-28T00:00:00
db: CNNVD, id: CNNVD-202008-1409, date: 2021-01-05T00:00:00
db: NVD, id: CVE-2020-5621, date: 2024-11-21T05:34:22.547

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-000056, date: 2020-08-28T00:00:00
db: CNNVD, id: CNNVD-202008-1409, date: 2020-08-28T00:00:00
db: NVD, id: CVE-2020-5621, date: 2020-08-28T05:15:11.277