CVE-2019-20487
Description
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or through CSRF), as demonstrated by the setup.cgitodo=save_htp_account URI.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.334
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-20486 ,CVE-2019-20487 ,CVE-2019-20488 ,CVE-2019-20489 are affected in wnr1000_firmware 1.1.0.54 | NCM |
| Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20487) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234