PT-2020-9399 · NetGear · Netgear Cg3700B

Published

2020-03-13

Updated

2021-07-21

CVE-2019-13394

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: NETGEAR CG3700b custom firmware version V2.02.03

Description: The issue concerns the use of HTTP Basic Authentication over cleartext HTTP, which poses a security risk.

Recommendations: For NETGEAR CG3700b custom firmware version V2.02.03, consider disabling HTTP Basic Authentication until a secure alternative is implemented, or restrict access to the affected authentication mechanism to minimize the risk of exploitation.

Exploit

Fix

Cleartext Transmission of Sensitive Information

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319CWE-522

Related Identifiers

CVE-2019-13394

Affected Products

Netgear Cg3700B

PT-2020-9399 · NetGear · Netgear Cg3700B

CVE-2019-13394

Weakness Enumeration

Related Identifiers

Affected Products

References · 4