CVE-2019-13393Initialization of a Resource with an Insecure Default in Netgear Cg3700b Firmware

CWE-1188Initialization of a Resource with an Insecure Default3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 38.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netgear Cg3700b Firmware
Timeline
PublishedMar 13
Latest updateMay 24

Description

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-7qhr-r3gj-gxg8: The Voo branded NETGEAR CG3700b custom firmware V22022-05-24
CVEList
CVE-2019-13393: The Voo branded NETGEAR CG3700b custom firmware V22020-03-13
CVE-2019-13393 — Netgear Cg3700b Firmware vulnerability | cvebase