ID

VAR-202011-1240


CVE

CVE-2020-5641


TITLE

NETGEAR GS108Ev3 cross-site request forgery vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-44754 // CNNVD: CNNVD-202011-1869

DESCRIPTION

A cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators, so that the product's settings may be changed without the user's intention or consent, via unspecified vectors. GS108Ev3, a switching hub provided by NETGEAR, contains a cross-site request forgery vulnerability (CWE-352). This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Yuta Ikegami. If a user who is logged in to the management screen of the product accesses a specially crafted page, the settings of the product may be changed unintentionally. GS108Ev3 is an 8-port gigabit simple network management switch launched by NETGEAR.

Trust: 2.16

sources: NVD: CVE-2020-5641 // JVNDB: JVNDB-2020-000076 // CNVD: CNVD-2021-44754

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-44754

AFFECTED PRODUCTS

vendor: netgear, model: gs108ev3, scope: lte, version: 2.06.10

Trust: 1.0

vendor: netgear, model: gs108ev3, scope: eq, version: version 2.06.10

Trust: 0.8

vendor: netgear, model: gs108ev3, scope: lte, version: <=2.06.10

Trust: 0.6

sources: CNVD: CNVD-2021-44754 // JVNDB: JVNDB-2020-000076 // NVD: CVE-2020-5641

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5641
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2020-000076
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-44754
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202011-1869
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-5641
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2020-000076
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-44754
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-5641
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

IPA: JVNDB-2020-000076
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-44754 // JVNDB: JVNDB-2020-000076 // CNNVD: CNNVD-202011-1869 // NVD: CVE-2020-5641

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2020-000076 // NVD: CVE-2020-5641

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1869

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202011-1869

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-000076

PATCH

title: GS108Ev3 Firmware Version 2.06.14, url: https://kb.netgear.com/000062496/

Trust: 0.8

title: Patch for NETGEAR GS108Ev3 cross-site request forgery vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/275026

Trust: 0.6

title: Netgear Gs108ev3 Fixes for cross-site request forgery vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135830

Trust: 0.6

sources: CNVD: CNVD-2021-44754 // JVNDB: JVNDB-2020-000076 // CNNVD: CNNVD-202011-1869

EXTERNAL IDS

db: JVN, id: JVN27806339

Trust: 3.0

db: NVD, id: CVE-2020-5641

Trust: 3.0

db: JVNDB, id: JVNDB-2020-000076

Trust: 1.4

db: CNVD, id: CNVD-2021-44754

Trust: 0.6

db: CNNVD, id: CNNVD-202011-1869

Trust: 0.6

sources: CNVD: CNVD-2021-44754 // JVNDB: JVNDB-2020-000076 // CNNVD: CNNVD-202011-1869 // NVD: CVE-2020-5641

REFERENCES

url: https://jvn.jp/en/jp/jvn27806339/index.html

Trust: 2.2

url: https://kb.netgear.com/000062496/gs108ev3-firmware-version-2-06-14

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5641

Trust: 0.8

url: https://jvn.jp/jp/jvn27806339/index.html

Trust: 0.8

url: https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000076.html

Trust: 0.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-5641

Trust: 0.6

sources: CNVD: CNVD-2021-44754 // JVNDB: JVNDB-2020-000076 // CNNVD: CNNVD-202011-1869 // NVD: CVE-2020-5641

SOURCES

db: CNVD, id: CNVD-2021-44754
db: JVNDB, id: JVNDB-2020-000076
db: CNNVD, id: CNNVD-202011-1869
db: NVD, id: CVE-2020-5641

LAST UPDATE DATE

2024-11-23T22:40:50.952000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-44754, date: 2021-06-24T00:00:00
db: JVNDB, id: JVNDB-2020-000076, date: 2020-11-24T03:05:40
db: CNNVD, id: CNNVD-202011-1869, date: 2020-12-04T00:00:00
db: NVD, id: CVE-2020-5641, date: 2024-11-21T05:34:24.540

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-44754, date: 2021-06-24T00:00:00
db: JVNDB, id: JVNDB-2020-000076, date: 2020-11-24T03:05:40
db: CNNVD, id: CNNVD-202011-1869, date: 2020-11-24T00:00:00
db: NVD, id: CVE-2020-5641, date: 2020-11-24T07:15:11.717