CVE-2017-18768
Description
Certain NETGEAR devices are affected by CSRF. This affects EX6100 before 1.0.2.16_1.1.130, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.50, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, and WN3000RPv3 before 1.0.2.44.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A CSRF vulnerability in multiple NETGEAR extender models allows attackers to execute unauthorized actions if a logged-in admin visits a malicious page.
Vulnerability
A cross-site request forgery (CSRF) vulnerability affects several NETGEAR extender firmware versions. The vulnerable products and affected firmware are: EX6100 before 1.0.2.16_1.1.130, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.50, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, and WN3000RPv3 before 1.0.2.44 [1]. The vulnerability exists in the web management interface of these devices, which lacks sufficient anti-CSRF protections.
Exploitation
An attacker can exploit the CSRF vulnerability by tricking an authenticated administrator into visiting a crafted web page or link while the admin is logged into the device's web interface. The attacker does not need prior network access to the device beyond the ability to serve the malicious page (e.g., through another website or email link). No specialized prerequisites such as race conditions or write access are required; the attack relies on standard CSRF techniques using forged HTTP requests that appear legitimate from the admin's session.
Impact
Successful exploitation allows the attacker to perform arbitrary actions on the affected extender using the admin's session privileges [1]. Potential outcomes include modifying device configuration, obtaining sensitive information from the admin's session, or achieving code execution via configuration manipulation. According to the NETGEAR advisory, the CVSS v3 score is 8.8 with a vector of AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating high impacts on confidentiality, integrity, and availability [1].
Mitigation
NETGEAR released fixed firmware versions on an undisclosed date before the advisory publication. Affected users should upgrade to the latest firmware as follows: EX6100 to 1.0.2.16_1.1.130 or later, EX6100v2 to 1.0.1.70 or later, EX6150v2 to 1.0.1.54 or later, EX6200v2 to 1.0.1.50 or later, EX6400 to 1.0.1.60 or later, EX7300 to 1.0.1.60 or later, and WN3000RPv3 to 1.0.2.44 or later [1]. No workaround is mentioned; NETGEAR strongly recommends installing the updated firmware from their support site.
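The following added example (not part of the NETGEAR advisory or this record) checks a device inventory against the fixed versions listed above. It assumes firmware fields order numerically left to right, with the part before `_` compared first; the hostnames, the `XYZ100` model and the installed versions are constructed sample data.

```python
import re

# Fixed firmware per model, copied from the mitigation text above.
FIXED = {
    "EX6100": "1.0.2.16_1.1.130", "EX6100v2": "1.0.1.70",
    "EX6150v2": "1.0.1.54", "EX6200v2": "1.0.1.50",
    "EX6400": "1.0.1.60", "EX7300": "1.0.1.60",
    "WN3000RPv3": "1.0.2.44",
}
_MODELS = {m.lower(): m for m in FIXED}  # case-insensitive model lookup

def parse_version(text):
    """'V1.0.2.16_1.1.130' -> ((1, 0, 2, 16), (1, 1, 130)).
    Assumption: numeric ordering per field; a plain string compare would
    wrongly rank '1.0.1.100' below '1.0.1.60'."""
    text = text.strip().lstrip("Vv")
    if not re.fullmatch(r"\d+(\.\d+)*(_\d+(\.\d+)*)?", text):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(tuple(int(n) for n in part.split("."))
                 for part in text.split("_"))

def assess(model, installed):
    """Return 'vulnerable', 'fixed' or 'not-listed' for one device."""
    canonical = _MODELS.get(model.strip().lower())
    if canonical is None:
        return "not-listed"
    fixed = parse_version(FIXED[canonical])
    return "vulnerable" if parse_version(installed) < fixed else "fixed"

def audit(inventory):
    """Map (host, model, version) rows to (host, status) pairs."""
    results = []
    for host, model, version in inventory:
        try:
            status = assess(model, version)
        except ValueError:
            status = "unparseable"  # flag for manual review, never assume fixed
        results.append((host, status))
    return results

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    ("ext-lobby", "EX6100", "V1.0.2.8_1.1.98"),
    ("ext-lab", "ex6100", "1.0.2.16_1.1.130"),
    ("ext-floor2", "EX7300", "1.0.1.100"),
    ("ext-annex", "WN3000RPv3", "1.0.2.9"),
    ("ext-old", "EX6100v2", "unknown"),
    ("ap-roof", "XYZ100", "1.0.0.1"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY):
        print(f"{host:12} {status}")
```
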
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- NETGEAR/NETGEAR devices
Patches
No patches discovered yet.
References