Cross-Site Request Forgery (CSRF)
Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 184.108.40.206, WAC510 before 220.127.116.11, WNAP320 before 18.104.22.168, WNAP210v2 before 22.214.171.124, WNDAP350 before 126.96.36.199, WNDAP360 before 188.8.131.52, WNDAP660 before 184.108.40.206, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.
CWE-352 - Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is a vulnerability that allows an attacker to make arbitrary requests in an authenticated vulnerable web application and disrupt the integrity of the victim’s session. The impact of a successful CSRF attack may range from minor to severe, depending upon the capabilities exposed by the vulnerable application and privileges of the user. An attacker may force the user to perform state-changing requests like transferring funds, changing their email address or password etc. However, if an administrative level account is affected, it may compromise the whole web application and associated sensitive data.