CVE-2016-11055

moderate-risk
Published 2020-04-28

Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11.

Do I need to act?

-
0.17% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (13)

Cm400 Firmware
Cm600 Firmware
D1500 Firmware
D500 Firmware
Dst6501 Firmware
Jwnr2000T Firmware
Plw1000 Firmware
Plw1010 Firmware
Wnr500 Firmware
Wnr612 Firmware
N450 Cg3000D Firmware

Affected Vendors

Netgear

References (2)

Vendor Advisory https://kb.netgear.com/30114/NETGEAR-Product-Vulnerability-Advisory-CSRF-LocalFi...
Vendor Advisory https://kb.netgear.com/30114/NETGEAR-Product-Vulnerability-Advisory-CSRF-LocalFi...
36
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 17/34 · Moderate