CVE-2013-3516

Опубликовано: 13 нояб. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.

Ссылки

https://www.ise.io/casestudies/exploiting-soho-routers/
Third Party Advisory
https://www.ise.io/research/studies-and-papers/netgear_wnr3500/
Exploit
Mitigation
Third Party Advisory
https://www.ise.io/soho_service_hacks/
Third Party Advisory
https://www.ise.io/casestudies/exploiting-soho-routers/
Third Party Advisory
https://www.ise.io/research/studies-and-papers/netgear_wnr3500/
Exploit
Mitigation
Third Party Advisory
https://www.ise.io/soho_service_hacks/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:netgear:wnr3500u_firmware:1.2.2.44_35.0.53na:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr3500u:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:netgear:wnr3500l_firmware:1.2.2.44_35.0.53na:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr3500l:-:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00217

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-6879-2prc-hvq7