Ray Doyle

**Name of the Vulnerable Software and Affected Versions** AutoUpdater.NET versions prior to 1.5.8 **Description** The issue affects AutoUpdater.NET and is related to an XXE (XML External Entity) vulnerability in the AutoUpdater.cs file. This allows for potential exploitation. **Recommendations** For versions prior to 1.5.8, update to version 1.5.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the AutoUpdater.cs file until a patch is applied.

Name of the Vulnerable Software and Affected Versions: NETGEAR CG3700b custom firmware version V2.02.03 Description: The issue concerns the use of the same default 8 character passphrase for both the administrative console and the WPA2 pre-shared key. This could be exploited through attacks against HTTP Basic Authentication or WPA2 to determine the passphrase. Recommendations: For NETGEAR CG3700b custom firmware version V2.02.03, change the default passphrase for both the administrative console and the WPA2 pre-shared key to unique and strong passwords to prevent exploitation. As a temporary workaround, consider restricting access to the administrative console and limiting the use of WPA2 pre-shared key until a patch is available.

Name of the Vulnerable Software and Affected Versions: NETGEAR CG3700b custom firmware version V2.02.03 Description: The issue allows for Cross-Site Request Forgery (CSRF) attacks against all "/goform/" URIs. An attacker can modify all settings, including WEP/WPA/WPA2 keys, restore the router to factory settings, or upload a malicious configuration file. Recommendations: For NETGEAR CG3700b custom firmware version V2.02.03, consider disabling access to all "/goform/" URIs as a temporary workaround until a patch is available. Restricting access to the router's settings and configuration files can also help minimize the risk of exploitation.