CVE-2021-32122
📋 TL;DR
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in certain NETGEAR WiFi extenders. Attackers can trick authenticated users into performing unauthorized actions on their devices. Affected users include those with EX3700, EX3800, EX6120, or EX6130 extenders running vulnerable firmware versions.
💻 Affected Systems
- NETGEAR EX3700
- NETGEAR EX3800
- NETGEAR EX6120
- NETGEAR EX6130
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An attacker could change device settings, disable security features, or potentially gain administrative access to the extender, leading to network compromise.
Likely Case
Attackers could modify WiFi settings, change passwords, or disrupt network connectivity for users.
If Mitigated
With proper CSRF protections and user awareness, the risk is significantly reduced as exploitation requires user interaction.
🎯 Exploit Status
Exploitation requires the victim to be logged into the extender's web interface and visit a malicious webpage.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: EX3700: 1.0.0.90+, EX3800: 1.0.0.90+, EX6120: 1.0.0.64+, EX6130: 1.0.0.44+
Vendor Advisory: https://kb.netgear.com/000063883/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Extenders-PSV-2021-0102
Restart Required: Yes
Instructions:
1. Log into the NETGEAR extender web interface.
2. Navigate to Advanced > Administration > Firmware Update.
3. Check for updates and apply the latest firmware.
4. Reboot the device after the update completes.
🔧 Temporary Workarounds
Log out after use
Always log out of the extender web interface after configuration changes to reduce the attack window.
Use separate browser profiles
Use different browser profiles or private browsing for administrative tasks versus regular browsing.
🧯 If You Can't Patch
- Implement network segmentation to isolate extenders from critical systems
- Use browser extensions that block CSRF attempts
🔍 How to Verify
Check if Vulnerable:
Access the extender web interface and check the firmware version in Advanced > Administration > Firmware Update.
Check Version:
No CLI command available. Check via web interface at Advanced > Administration > Firmware Update.
Verify Fix Applied:
Verify the firmware version matches or exceeds the patched versions listed in the fix section.
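As an added example (not from the advisory or from NETGEAR), a small Python helper that compares the firmware version read from the Firmware Update page against the fixed versions in the fix section. The model names and thresholds come from this page; the version-string format handling is an assumption.

```python
# Added example, not part of the advisory: decide whether a firmware version read
# from Advanced > Administration > Firmware Update is at or above the fixed version
# listed for that model, comparing numerically rather than as strings.
from typing import Tuple

# Minimum fixed firmware per model, taken from the advisory's fix section.
PATCHED_VERSIONS = {
    "EX3700": "1.0.0.90",
    "EX3800": "1.0.0.90",
    "EX6120": "1.0.0.64",
    "EX6130": "1.0.0.44",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.0.0.90' into (1, 0, 0, 90) so comparison is numeric, not lexical.

    A plain string compare would rank '1.0.0.9' above '1.0.0.64' and wrongly
    report a vulnerable device as patched.
    """
    # Assumption: anything after an underscore is a build suffix and is ignored.
    core = version.strip().split("_", 1)[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(model: str, firmware_version: str) -> bool:
    """True if the model/firmware pair is at or above the fixed version."""
    model = model.strip().upper()
    if model not in PATCHED_VERSIONS:
        raise KeyError(f"{model} is not a model covered by CVE-2021-32122")
    return parse_version(firmware_version) >= parse_version(PATCHED_VERSIONS[model])


def assess(model: str, firmware_version: str) -> str:
    """One-line verdict suitable for an inventory sheet or ticket."""
    model = model.strip().upper()
    status = "patched" if is_patched(model, firmware_version) else "VULNERABLE"
    return f"{model} {firmware_version}: {status} (fixed in {PATCHED_VERSIONS[model]}+)"


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    for m, v in [("EX3700", "1.0.0.86"), ("EX6120", "1.0.0.64"), ("EX6130", "1.0.0.9")]:
        print(assess(m, v))
```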
📡 Detection & Monitoring
Log Indicators:
- Unexpected configuration changes in device logs
- Multiple failed login attempts followed by successful login
Network Indicators:
- Unusual HTTP POST requests to extender management interface from external sources
SIEM Query:
source="netgear_extender" AND (event="config_change" OR event="admin_login")