CVE-2020-5621

low-risk
Published 2020-08-28

Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors.

Do I need to act?

-
0.16% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (2)

Gs716Tv2 Firmware
Gs724Tv3 Firmware

Affected Vendors

Netgear

References (8)

Third Party Advisory http://jvn.jp/en/jp/JVN29903998/index.html
Third Party Advisory https://jvn.jp/en/jp/JVN29903998/index.html
Patch https://www.netgear.com/support/product/gs716Tv2.aspx
Patch https://www.netgear.com/support/product/gs724tv3.aspx
Third Party Advisory http://jvn.jp/en/jp/JVN29903998/index.html
Third Party Advisory https://jvn.jp/en/jp/JVN29903998/index.html
Patch https://www.netgear.com/support/product/gs716Tv2.aspx
Patch https://www.netgear.com/support/product/gs724tv3.aspx
26
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 7/34 · Low