CVE-2019-13395 — Cross-Site Request Forgery in Netgear Cg3700b Firmware

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 59.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Cg3700b Firmware

Timeline

PublishedMar 13

Latest updateMay 24

Description

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDnetgear/cg3700b_firmware2.02.03

🔴Vulnerability Details

GHSA

GHSA-6277-gxh3-j22j: The Voo branded NETGEAR CG3700b custom firmware V2↗2022-05-24

▶

CVEList

CVE-2019-13395: The Voo branded NETGEAR CG3700b custom firmware V2↗2020-03-13

▶