CVE-2018-21096: CSRF
First published: Mon Apr 27 2020(Updated: )
Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NETGEAR WAC120 | <2.1.7 | |
| NETGEAR WAC120 | ||
| NETGEAR WAC505 | <5.0.5.4 | |
| NETGEAR WAC505 | ||
| NETGEAR WAC510 firmware | <5.0.5.4 | |
| NETGEAR WAC510 firmware | ||
| NETGEAR WNAP320 firmware | <3.7.11.4 | |
| Netgear WNAP320 firmware | ||
| NETGEAR WNAP210 | <3.7.11.4 | |
| NETGEAR WNAP210 firmware | =v2 | |
| Netgear WNDAP350 Firmware | <3.7.11.4 | |
| NETGEAR WNDAP350 | ||
| NETGEAR WNDAP360 | <3.7.11.4 | |
| NETGEAR WNDAP360 firmware | ||
| NETGEAR WNDAP660 | <3.7.11.4 | |
| NETGEAR WNDAP660 firmware | ||
| NETGEAR WNDAP620 | <2.1.7 | |
| NETGEAR WNDAP620 firmware | ||
| NETGEAR WND930 firmware | <2.1.5 | |
| NETGEAR WND930 firmware | ||
| NETGEAR WN604 firmware | <3.3.10 | |
| Netgear WN604 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What devices are affected by CVE-2018-21096?
The vulnerable NETGEAR devices include WAC120, WAC505, WAC510, WNAP320, WNAP210v2, WNDAP350, WNDAP360, WNDAP660, WNDAP620, and WND930.
What is the severity of CVE-2018-21096?
CVE-2018-21096 is classified as a Cross-Site Request Forgery (CSRF) vulnerability.
How do I fix CVE-2018-21096?
To fix CVE-2018-21096, upgrade your device firmware to the latest version as specified by NETGEAR.
What types of attacks can CVE-2018-21096 enable?
CVE-2018-21096 allows attackers to perform unauthorized actions on behalf of authenticated users.
Are there any workarounds for CVE-2018-21096?
One potential workaround for CVE-2018-21096 is to limit access to the affected devices through network segmentation.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/netgear
- canonical/netgear wac120
- canonical/netgear wac505
- canonical/netgear wac510 firmware
- canonical/netgear wnap320 firmware
- canonical/netgear wnap210
- canonical/netgear wnap210 firmware
- version/netgear wnap210 firmware/v2
- canonical/netgear wndap350 firmware
- canonical/netgear wndap350
- canonical/netgear wndap360
- canonical/netgear wndap360 firmware
- canonical/netgear wndap660
- canonical/netgear wndap660 firmware
- canonical/netgear wndap620
- canonical/netgear wndap620 firmware
- canonical/netgear wnd930 firmware
- canonical/netgear wn604 firmware
- canonical/netgear wn604