VYPR
Unrated severity · NVD Advisory · Published Apr 22, 2020 · Updated Aug 5, 2024

CVE-2017-18781

Description

Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, JR6150 before 1.0.1.12, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple NETGEAR routers are vulnerable to CSRF that could let an attacker trigger actions without user consent.

Vulnerability

A cross-site request forgery (CSRF) vulnerability exists in the web management interface of several NETGEAR router models. Affected devices include D6200 before firmware version 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, JR6150 before 1.0.1.12, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. The bug does not require any special configuration to be reachable; any user who opens a malicious page in the same browser session as the router's management page is at risk [1].

Exploitation

An attacker can craft a malicious web page or email that, when visited by an authenticated administrator, submits unauthorized requests to the router's web interface. No authentication is needed beyond the victim's existing session; the attacker simply embeds HTML or JavaScript that forces the victim's browser to send a forged request, for example to change DNS settings or enable remote access. The user must be logged into the router's web UI at the time of the attack [1].

Impact

Successful CSRF exploitation allows an attacker to perform administrative actions on the router as if they were the authenticated user. This could include modifying network configuration, changing administrative credentials, enabling remote management, or exfiltrating sensitive information. The compromise operates at the highest privilege level (admin) and can lead to full device takeover or persistent network compromise [1].

Mitigation

NETGEAR has released firmware updates that fix the CSRF vulnerability. The fixed versions are: D6200 (1.1.00.24), D7000 (1.0.1.52), JNR1010v2 (1.1.0.44), JWNR2010v5 (1.1.0.44), JR6150 (1.0.1.12), PR2000 (1.0.0.20), R6020 (1.0.0.26), R6050 (1.0.1.12), R6080 (1.0.0.26), R6120 (1.0.0.36), R6220 (1.1.0.60), R6700v2 (1.2.0.12), R6800 (1.2.0.12), R6900v2 (1.2.0.12), WNDR3700v5 (1.1.0.50), WNR1000v4 (1.1.0.44), WNR2020 (1.1.0.44), and WNR2050 (1.1.0.44). Users should update to the latest firmware available from NETGEAR Support as soon as possible. There is no known workaround; the vendor recommends immediate patching [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
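
The following is an added example, not part of the advisory or any NETGEAR tooling: a Python check that compares a device inventory against the fixed firmware versions listed under Mitigation, comparing version components numerically so that `1.1.00.9` sorts below `1.1.00.24`. The inventory rows and the firmware string formats (leading `V`, `_` build suffix) are constructed assumptions.

```python
import re

# Minimum fixed firmware per model, copied from the advisory text above.
FIXED = {
    "D6200": "1.1.00.24", "D7000": "1.0.1.52", "JNR1010v2": "1.1.0.44",
    "JWNR2010v5": "1.1.0.44", "JR6150": "1.0.1.12", "PR2000": "1.0.0.20",
    "R6020": "1.0.0.26", "R6050": "1.0.1.12", "R6080": "1.0.0.26",
    "R6120": "1.0.0.36", "R6220": "1.1.0.60", "R6700v2": "1.2.0.12",
    "R6800": "1.2.0.12", "R6900v2": "1.2.0.12", "WNDR3700v5": "1.1.0.50",
    "WNR1000v4": "1.1.0.44", "WNR2020": "1.1.0.44", "WNR2050": "1.1.0.44",
}
_BY_LOWER = {m.lower(): v for m, v in FIXED.items()}

def parse_version(text):
    """Leading dotted version as a tuple of ints: 'V1.1.00.24_x' -> (1, 1, 0, 24)."""
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def check(model, firmware):
    """Classify one device: 'vulnerable', 'fixed', 'not-listed' or 'unknown-version'."""
    fixed = _BY_LOWER.get(model.strip().lower())
    if fixed is None:
        return "not-listed"  # outside this CVE's list, e.g. R6700 is not R6700v2
    try:
        have = parse_version(firmware)
    except ValueError:
        return "unknown-version"  # needs manual review
    return "vulnerable" if have < parse_version(fixed) else "fixed"

def audit(inventory):
    """Map each (name, model, firmware) row to its status."""
    return {name: check(model, fw) for name, model, fw in inventory}

# Constructed sample inventory (hostnames and firmware strings are made up).
SAMPLE = [
    ("branch-1", "R6220", "V1.1.0.50"),
    ("branch-2", "r6220", "1.1.0.60"),
    ("lab-dsl", "D6200", "V1.1.00.9_1.00.9"),
    ("home-gw", "R6700", "V1.0.1.48"),
    ("spare", "WNR2020", "unknown"),
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name}: {status}")
```

A `not-listed` result only means the model is outside this CVE's affected list; it says nothing about other advisories for that device.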


References

1
