CVE-2017-18768

moderate-risk

Published 2020-04-22

Certain NETGEAR devices are affected by CSRF. This affects EX6100 before 1.0.2.16_1.1.130, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.50, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, and WN3000RPv3 before 1.0.2.44.

Do I need to act?

0.26% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (6)

Ex6100 Firmware

Ex6150 Firmware

Ex6200 Firmware

Ex6400 Firmware

Ex7300 Firmware

Wn3000Rp Firmware

Affected Vendors

Netgear

References (2)

Vendor Advisory https://kb.netgear.com/000051475/Security-Advisory-for-Cross-Site-Request-Forger...

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 1/34 · Minimal

Exposure 13/34 · Low