VYPR
Unrated severity · NVD Advisory · Published Apr 23, 2020 · Updated Aug 5, 2024

CVE-2017-18749

Description

Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NETGEAR routers are vulnerable to CSRF, allowing attackers to perform unauthorized actions; fixed in updated firmware.

Vulnerability

A cross-site request forgery (CSRF) vulnerability exists in multiple NETGEAR router models. This vulnerability allows an attacker to execute unauthorized actions on the router's web interface without the victim's knowledge. Affected models include JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44 [1].

Exploitation

The attacker must trick an authenticated administrator or user with access to the router's web interface into visiting a malicious webpage or link while logged into the router. No authentication is required on the attacker's part; they only need to craft a request that performs an action on the router, such as changing settings or rebooting the device. The CSRF attack does not require direct network access to the router as long as the victim is currently authenticated [1].

Impact

Successful exploitation allows the attacker to perform state-changing operations on the router with the privileges of the victim. This could include modifying wireless settings, changing admin credentials, enabling remote management, or performing a factory reset. The exact impact depends on the router's configuration but could lead to loss of confidentiality, integrity, or availability of the network [1].

Mitigation

NETGEAR has released firmware updates to fix the CSRF vulnerability. The fixed versions are: JNR1010v2 1.1.0.44, JR6150 1.0.1.10, JWNR2010v5 1.1.0.44, R6050 1.0.1.10, R6100 1.0.1.16, R6220 1.1.0.50, R7500 1.0.0.112, R7500v2 1.0.3.20, R7800 1.0.2.36, R9000 1.0.2.40, WNDR3700v4 1.0.2.88, WNDR3700v5 1.1.0.48, WNDR4300 1.0.2.90, WNDR4300v2 1.0.0.48, WNDR4500v3 1.0.0.48, WNR1000v4 1.1.0.44, WNR2000v5 1.0.0.58, WNR2020 1.1.0.44, and WNR2050 1.1.0.44 [1]. Users should download and install the latest firmware from NETGEAR Support. No workaround is available; the recommended mitigation is to upgrade to the patched versions [1].
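Checking a device inventory against the fixed versions listed above can be scripted. The following is an added example, not code from NETGEAR or from this advisory: it parses the advisory's "MODEL before VERSION" list and compares firmware numerically, since a string comparison would rank 1.0.0.48 above 1.0.0.112. The function names, the inventory rows, and the firmware string format (optional leading "V", optional "_suffix") are assumptions.

```python
import re

# Affected list as given in the advisory description on this page.
ADVISORY = (
    "JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, "
    "R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, "
    "R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, "
    "R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, "
    "WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, "
    "WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, "
    "and WNR2050 before 1.1.0.44."
)

def parse_version(raw):
    """Return the leading dotted version as an int tuple: 'V1.0.0.48_x' -> (1, 0, 0, 48)."""
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+)+)", raw)
    if m is None:
        raise ValueError(f"no dotted version in {raw!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def parse_fixed_versions(text):
    """Map upper-cased model name -> first fixed version, from 'MODEL before X.Y.Z.W' items."""
    pairs = re.findall(r"(\w+) before (\d+(?:\.\d+)+)", text)
    return {model.upper(): parse_version(ver) for model, ver in pairs}

FIXED = parse_fixed_versions(ADVISORY)

def assess(model, firmware, fixed=FIXED):
    """Classify one device. The model must match exactly, hardware revision included,
    because R7500 and R7500v2 have different fixed versions."""
    key = model.strip().upper()
    if key not in fixed:
        return "not-listed"
    try:
        current = parse_version(firmware)
    except ValueError:
        return "unparseable"
    return "vulnerable" if current < fixed[key] else "fixed"

# Constructed sample inventory (model, reported firmware); not real devices.
INVENTORY = [("R7500", "V1.0.0.48"), ("R7800", "V1.0.2.36"), ("r9000", "1.0.2.52"),
             ("WNR2000v5", "1.0.0.34"), ("R7000", "1.0.9.88"), ("R6220", "unknown")]

if __name__ == "__main__":
    for model, fw in INVENTORY:
        print(f"{model:12} {fw:12} {assess(model, fw)}")
```

A "not-listed" result means only that this advisory does not name the model, and "unparseable" rows need a manual check.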

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
