CVE-2018-21120: CSRF
First published: Wed Apr 22 2020(Updated: )
Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear WAC120 AC Firmware | <2.1.7 | |
| Netgear WAC120 AC Firmware | ||
| NETGEAR WAC505 | <5.0.5.4 | |
| NETGEAR Wireless Access Point | ||
| NETGEAR WAC510 Firmware | <5.0.5.4 | |
| NETGEAR WAC510 firmware | ||
| Netgear WNAP320 firmware | <3.7.11.4 | |
| Netgear WNAP320 firmware | ||
| Netgear Prosafe Wnap210 Firmware | <3.7.11.4 | |
| NetGear ProSafe WNAP210 | =v2 | |
| Netgear WNDAP350 Firmware | <3.7.11.4 | |
| Netgear WNDAP350 Firmware | ||
| NETGEAR WNDAP360 | <3.7.11.4 | |
| NETGEAR Wireless Access Point | ||
| NETGEAR WNDAP660 | <3.7.11.4 | |
| NETGEAR Wireless Access Point | ||
| NETGEAR WNDAP620 | <2.1.7 | |
| NETGEAR WNDAP620 firmware | ||
| NETGEAR WND930 firmware | <2.1.5 | |
| NETGEAR WND930 firmware | ||
| Netgear WN604 | <3.3.10 | |
| Netgear WN604 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-21120?
CVE-2018-21120 is classified as a moderately severe vulnerability due to the potential for CSRF attacks on affected NETGEAR devices.
How do I fix CVE-2018-21120?
To fix CVE-2018-21120, you should update the firmware of affected NETGEAR devices to the latest versions provided by the manufacturer.
Which NETGEAR devices are affected by CVE-2018-21120?
Affected NETGEAR devices include WAC120, WAC505, WAC510, WNAP320, WNAP210, WNDAP350, WNDAP360, WNDAP660, WNDAP620, and WND930.
What type of vulnerability is CVE-2018-21120?
CVE-2018-21120 is a Cross-Site Request Forgery (CSRF) vulnerability.
What are the risks associated with CVE-2018-21120?
The risks associated with CVE-2018-21120 include unauthorized actions being performed on the affected NETGEAR devices without user consent.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/netgear
- canonical/netgear wac120 ac firmware
- canonical/netgear wac505
- canonical/netgear wac510 firmware
- canonical/netgear wnap320 firmware
- canonical/netgear prosafe wnap210 firmware
- canonical/netgear prosafe wnap210
- version/netgear prosafe wnap210/v2
- canonical/netgear wndap350 firmware
- canonical/netgear wndap360
- canonical/netgear wireless access point
- canonical/netgear wndap660
- canonical/netgear wndap620
- canonical/netgear wndap620 firmware
- canonical/netgear wnd930 firmware
- canonical/netgear wn604