CVE-2020-5641: CSRF
First published: Tue Nov 24 2020(Updated: )
Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear GS108Ev3 | <=2.06.10 | |
| Netgear GS108Ev3 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-5641?
CVE-2020-5641 is classified as a high severity vulnerability due to its potential for CSRF attacks that can lead to unauthorized configuration changes.
How do I fix CVE-2020-5641?
To fix CVE-2020-5641, users should upgrade to firmware version 2.06.14 or later for the Netgear GS108Ev3 device.
What type of attack does CVE-2020-5641 involve?
CVE-2020-5641 involves a cross-site request forgery (CSRF) attack which can allow unauthorized changes to device settings.
What are the affected devices listed under CVE-2020-5641?
CVE-2020-5641 affects the Netgear GS108Ev3 devices running firmware version 2.06.10 or earlier.
Can CVE-2020-5641 result in unauthorized access?
Yes, CVE-2020-5641 can result in unauthorized access as it allows attackers to hijack the authentication of administrators.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/description
- agent/weakness
- agent/author
- agent/severity
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/netgear
- canonical/netgear gs108ev3
- version/netgear gs108ev3/2.06.10
- canonical/netgear gs108ev3 firmware