PT-2014-2651 · NetGear · Netgear Wndr4700

Published: 2014-04-25 · Updated: 2014-04-25 · CVE-2013-3069

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

NETGEAR WNDR4700 version 1.0.0.34

Description

The issue allows remote authenticated users to inject arbitrary web script or HTML via specific parameters to various setup pages. The affected parameters are UserName or Password on the NAS User Setup page, deviceName on "USB advanced.htm", and Network Key on the Wireless Setup page.

Recommendations

For NETGEAR WNDR4700 version 1.0.0.34, consider restricting access to the NAS User Setup page, "USB advanced.htm", and the Wireless Setup page until a patch is available. As a temporary workaround, avoid using the parameters UserName, Password, deviceName, and Network Key in the affected pages.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2013-3069

Affected Products

Netgear Wndr4700