NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.
References
Link | Resource |
---|---|
https://www.ise.io/casestudies/exploiting-soho-routers/ | Third Party Advisory |
https://www.ise.io/research/studies-and-papers/netgear_wnr3500/ | Exploit Mitigation Third Party Advisory |
https://www.ise.io/soho_service_hacks/ | Third Party Advisory |
https://www.ise.io/casestudies/exploiting-soho-routers/ | Third Party Advisory |
https://www.ise.io/research/studies-and-papers/netgear_wnr3500/ | Exploit Mitigation Third Party Advisory |
https://www.ise.io/soho_service_hacks/ | Third Party Advisory |
Configurations
History
21 Nov 2024, 01:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.ise.io/casestudies/exploiting-soho-routers/ - Third Party Advisory | |
References | () https://www.ise.io/research/studies-and-papers/netgear_wnr3500/ - Exploit, Mitigation, Third Party Advisory | |
References | () https://www.ise.io/soho_service_hacks/ - Third Party Advisory |
Information
Published : 2019-11-13 20:15
Updated : 2024-11-21 01:53
NVD link : CVE-2013-3516
Mitre link : CVE-2013-3516
CVE.ORG link : CVE-2013-3516
JSON object : View
Products Affected
netgear
- wnr3500l_firmware
- wnr3500l
- wnr3500u_firmware
- wnr3500u
CWE
CWE-352
Cross-Site Request Forgery (CSRF)