6.5
CVE-2013-3516
- EPSS 0.7%
- Veröffentlicht 13.11.2019 20:15:10
- Zuletzt bearbeitet 21.11.2024 01:53:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netgear ≫ Wnr3500u Firmware Version1.2.2.44_35.0.53na
Netgear ≫ Wnr3500l Firmware Version1.2.2.44_35.0.53na
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.7% | 0.484 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
https://www.ise.io/casestudies/exploiting-soho-routers/
https://www.ise.io/soho_service_hacks/
https://www.ise.io/research/studies-and-papers/netgear_wnr3500/