NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.
References
Link | Resource |
---|---|
https://www.ise.io/casestudies/exploiting-soho-routers/ | Third Party Advisory |
https://www.ise.io/research/studies-and-papers/netgear_wnr3500/ | Exploit Mitigation Third Party Advisory |
https://www.ise.io/soho_service_hacks/ | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-11-13 20:15
Updated : 2024-02-28 17:28
NVD link : CVE-2013-3516
Mitre link : CVE-2013-3516
CVE.ORG link : CVE-2013-3516
JSON object : View
Products Affected
netgear
- wnr3500u
- wnr3500u_firmware
- wnr3500l
- wnr3500l_firmware
CWE
CWE-352
Cross-Site Request Forgery (CSRF)