Cross-Site Request Forgery (CSRF)
Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 220.127.116.11, R6400v2 before 18.104.22.168, R6700 before 22.214.171.124, R6900 before 126.96.36.199, R7000P before 188.8.131.52, R6900P before 184.108.40.206, R7300 before 220.127.116.11, R8300 before 18.104.22.168, R8500 before 22.214.171.124, DGN2200v4 before 126.96.36.199, DGND2200Bv4 before 188.8.131.52, R6050 before 184.108.40.206, JR6150 before 220.127.116.11, R6220 before 18.104.22.168, and WNDR3700v5 before V22.214.171.124.
CWE-352 - Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is a vulnerability that allows an attacker to make arbitrary requests to a vulnerable web application on behalf of an authenticated user, disrupting the integrity of the victim's session. The impact of a successful CSRF attack may range from minor to severe, depending on the capabilities exposed by the vulnerable application and the privileges of the user. An attacker may force the user to perform state-changing requests such as transferring funds or changing their email address or password. If an administrative-level account is affected, however, the attack may compromise the whole web application and its associated sensitive data.