cvelistv5 - cve-2020-5641

CVE-2020-5641 (GCVE-0-2020-5641)

Vulnerability from cvelistv5

Published

2020-11-24 06:55

Modified

2024-08-04 08:39

Severity ?

CWE

Cross-site request forgery

Summary

References

URL

	Vendor	Product	Version
	Netgear Japan G.K.	GS108Ev3	Version: Firmware version 2.06.10 and earlier

gsd-2020-5641

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2020-5641

Aliases

CVE-2020-5641

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5641",
    "description": "Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product\u0027s settings may be changed without the user\u0027s intention or consent via unspecified vectors.",
    "id": "GSD-2020-5641"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5641"
      ],
      "details": "Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product\u0027s settings may be changed without the user\u0027s intention or consent via unspecified vectors.",
      "id": "GSD-2020-5641",
      "modified": "2023-12-13T01:22:03.596389Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2020-5641",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "GS108Ev3",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Firmware version 2.06.10 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Netgear Japan G.K."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product\u0027s settings may be changed without the user\u0027s intention or consent via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cross-site request forgery"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14",
            "refsource": "MISC",
            "url": "https://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14"
          },
          {
            "name": "https://jvn.jp/en/jp/JVN27806339/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN27806339/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:gs108ev3_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.06.10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:gs108ev3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5641"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product\u0027s settings may be changed without the user\u0027s intention or consent via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN27806339/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN27806339/index.html"
            },
            {
              "name": "https://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-12-03T14:18Z",
      "publishedDate": "2020-11-24T07:15Z"
    }
  }
}

Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors. NETGEAR Switching hub provided by GS108Ev3 Is a cross-site request forgery vulnerability (CWE-352) Exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Yuta Ikegami MrIf a user who is logged in to the management screen of the product accesses a specially crafted page, the settings of the product may be changed unintentionally. GS108Ev3 is an 8-port gigabit simple network management switch launched by NETGEAR

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202011-1240",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "gs108ev3",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.06.10"
      },
      {
        "model": "gs108ev3",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netgear",
        "version": "version 2.06.10"
      },
      {
        "model": "gs108ev3",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "netgear",
        "version": "\u003c=2.06.10"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-44754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000076"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5641"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:netgear:gs108ev3_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000076"
      }
    ]
  },
  "cve": "CVE-2020-5641",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-5641",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 2.6,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-000076",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2021-44754",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-5641",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-000076",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-5641",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2020-000076",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-44754",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202011-1869",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-44754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000076"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1869"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5641"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product\u0027s settings may be changed without the user\u0027s intention or consent via unspecified vectors. NETGEAR Switching hub provided by GS108Ev3 Is a cross-site request forgery vulnerability (CWE-352) Exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Yuta Ikegami MrIf a user who is logged in to the management screen of the product accesses a specially crafted page, the settings of the product may be changed unintentionally. GS108Ev3 is an 8-port gigabit simple network management switch launched by NETGEAR",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5641"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000076"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-44754"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVN",
        "id": "JVN27806339",
        "trust": 3.0
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5641",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000076",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-44754",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1869",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-44754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000076"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1869"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5641"
      }
    ]
  },
  "id": "VAR-202011-1240",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-44754"
      }
    ],
    "trust": 1.4333333000000001
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-44754"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:40:50.952000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "GS108Ev3 Firmware Version 2.06.14",
        "trust": 0.8,
        "url": "https://kb.netgear.com/000062496/"
      },
      {
        "title": "Patch for NETGEAR GS108Ev3 cross-site request forgery vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/275026"
      },
      {
        "title": "Netgear Gs108ev3 Fixes for cross-site request forgery vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135830"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-44754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000076"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1869"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000076"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5641"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://jvn.jp/en/jp/jvn27806339/index.html"
      },
      {
        "trust": 1.6,
        "url": "https://kb.netgear.com/000062496/gs108ev3-firmware-version-2-06-14"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5641"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/jp/jvn27806339/index.html"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000076.html"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5641"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-44754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000076"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1869"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5641"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-44754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000076"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1869"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5641"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-44754"
      },
      {
        "date": "2020-11-24T03:05:40",
        "db": "JVNDB",
        "id": "JVNDB-2020-000076"
      },
      {
        "date": "2020-11-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-1869"
      },
      {
        "date": "2020-11-24T07:15:11.717000",
        "db": "NVD",
        "id": "CVE-2020-5641"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-44754"
      },
      {
        "date": "2020-11-24T03:05:40",
        "db": "JVNDB",
        "id": "JVNDB-2020-000076"
      },
      {
        "date": "2020-12-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-1869"
      },
      {
        "date": "2024-11-21T05:34:24.540000",
        "db": "NVD",
        "id": "CVE-2020-5641"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1869"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NETGEAR GS108Ev3 cross-site request forgery vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-44754"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1869"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-1869"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2020-5641

Vulnerability from fkie_nvd

Published

2020-11-24 07:15

Modified

2024-11-21 05:34

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN27806339/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN27806339/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14	Vendor Advisory

Impacted products

	Vendor	Product	Version
	netgear	gs108ev3_firmware	*
	netgear	gs108ev3	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:gs108ev3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21640351-64C6-4602-BDC0-04867C555A92",
              "versionEndIncluding": "2.06.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:gs108ev3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5521D1B7-84B2-4FCE-8446-184082609F8E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product\u0027s settings may be changed without the user\u0027s intention or consent via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site request forgery (CSRF) en el firmware GS108E versiones v3 2.06.10 y anteriores, permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores y la configuraci\u00f3n del producto puede cambiarse sin la intenci\u00f3n o el consentimiento del usuario por medio de vectores no especificados"
    }
  ],
  "id": "CVE-2020-5641",
  "lastModified": "2024-11-21T05:34:24.540",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-11-24T07:15:11.717",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN27806339/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN27806339/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-492c-w6p5-gppm

Vulnerability from github

Published

2022-05-24 17:34

Modified

2022-05-24 17:34

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-5641"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-24T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product\u0027s settings may be changed without the user\u0027s intention or consent via unspecified vectors.",
  "id": "GHSA-492c-w6p5-gppm",
  "modified": "2022-05-24T17:34:56Z",
  "published": "2022-05-24T17:34:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5641"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN27806339/index.html"
    },
    {
      "type": "WEB",
      "url": "https://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cnvd-2021-44754

Vulnerability from cnvd

Title

NETGEAR GS108Ev3跨站请求伪造漏洞

Description

GS108Ev3是NETGEAR推出的一款8端口千兆简单网管交换机。 NETGEAR GS108Ev3 2.06.10及更早版本固件存在跨站请求伪造漏洞，远程攻击者可利用该漏洞劫持管理员的认证，并未经用户同意更改产品的设置。

Severity

中

Patch Name

NETGEAR GS108Ev3跨站请求伪造漏洞的补丁

Patch Description

GS108Ev3是NETGEAR推出的一款8端口千兆简单网管交换机。 NETGEAR GS108Ev3 2.06.10及更早版本固件存在跨站请求伪造漏洞，远程攻击者可利用该漏洞劫持管理员的认证，并未经用户同意更改产品的设置。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14

Reference

http://jvn.jp/en/jp/JVN27806339/index.html

Impacted products

Name
NETGEAR GS108Ev3 <=2.06.10

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-5641",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-5641"
    }
  },
  "description": "GS108Ev3\u662fNETGEAR\u63a8\u51fa\u7684\u4e00\u6b3e8\u7aef\u53e3\u5343\u5146\u7b80\u5355\u7f51\u7ba1\u4ea4\u6362\u673a\u3002\n\nNETGEAR GS108Ev3 2.06.10\u53ca\u66f4\u65e9\u7248\u672c\u56fa\u4ef6\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u52ab\u6301\u7ba1\u7406\u5458\u7684\u8ba4\u8bc1\uff0c\u5e76\u672a\u7ecf\u7528\u6237\u540c\u610f\u66f4\u6539\u4ea7\u54c1\u7684\u8bbe\u7f6e\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kb.netgear.com/000062496/GS108Ev3-Firmware-Version-2-06-14",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-44754",
  "openTime": "2021-06-24",
  "patchDescription": "GS108Ev3\u662fNETGEAR\u63a8\u51fa\u7684\u4e00\u6b3e8\u7aef\u53e3\u5343\u5146\u7b80\u5355\u7f51\u7ba1\u4ea4\u6362\u673a\u3002\r\n\r\nNETGEAR GS108Ev3 2.06.10\u53ca\u66f4\u65e9\u7248\u672c\u56fa\u4ef6\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u52ab\u6301\u7ba1\u7406\u5458\u7684\u8ba4\u8bc1\uff0c\u5e76\u672a\u7ecf\u7528\u6237\u540c\u610f\u66f4\u6539\u4ea7\u54c1\u7684\u8bbe\u7f6e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NETGEAR GS108Ev3\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "NETGEAR GS108Ev3 \u003c=2.06.10"
  },
  "referenceLink": "http://jvn.jp/en/jp/JVN27806339/index.html",
  "serverity": "\u4e2d",
  "submitTime": "2020-11-25",
  "title": "NETGEAR GS108Ev3\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

cve-2020-5641

Vulnerability from jvndb

Published

2020-11-24 14:32

Modified

2020-11-24 14:32

Severity ?

4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

NETGEAR GS108Ev3 vulnerable to cross-site request forgery

Details

GS108Ev3 switching hub provided by NETGEAR contains a cross-site request forgery vulnerability (CWE-352). Yuta Ikegami reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN27806339/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5641
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5641
	Cross-Site Request Forgery(CWE-352)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

NETGEAR

GS108Ev3 firmware

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000076.html",
  "dc:date": "2020-11-24T14:32+09:00",
  "dcterms:issued": "2020-11-24T14:32+09:00",
  "dcterms:modified": "2020-11-24T14:32+09:00",
  "description": "GS108Ev3 switching hub provided by NETGEAR contains a cross-site request forgery vulnerability (CWE-352).\r\n\r\nYuta Ikegami reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000076.html",
  "sec:cpe": {
    "#text": "cpe:/o:netgear:gs108ev3_firmware",
    "@product": "GS108Ev3 firmware",
    "@vendor": "NETGEAR",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000076",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN27806339/index.html",
      "@id": "JVN#27806339",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5641",
      "@id": "CVE-2020-5641",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5641",
      "@id": "CVE-2020-5641",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    }
  ],
  "title": "NETGEAR GS108Ev3 vulnerable to cross-site request forgery"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-5641 (GCVE-0-2020-5641)

Vulnerability from cvelistv5

gsd-2020-5641

Vulnerability from gsd

var-202011-1240

Vulnerability from variot

fkie_cve-2020-5641

Vulnerability from fkie_nvd

ghsa-492c-w6p5-gppm

Vulnerability from github

cnvd-2021-44754

Vulnerability from cnvd

cve-2020-5641

Vulnerability from jvndb

Tags

Sightings

Nomenclature