PT-2020-9400 · NetGear · Netgear Cg3700B
Ray Doyle · Published 2020-03-13 · Updated 2020-03-18
CVE-2019-13395
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
NETGEAR CG3700b custom firmware version V2.02.03
Description:
The issue allows for Cross-Site Request Forgery (CSRF) attacks against all "/goform/" URIs. An attacker can modify all settings, including WEP/WPA/WPA2 keys, restore the router to factory settings, or upload a malicious configuration file.
Recommendations:
For NETGEAR CG3700b custom firmware version V2.02.03, consider disabling access to all "/goform/" URIs as a temporary workaround until a patch is available. Restricting access to the router's settings and configuration files can also help minimize the risk of exploitation.
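A detection check to go with the workaround above, added here as an example and not taken from the advisory or from NETGEAR: it reviews HTTP request logs for "/goform/" requests that were not initiated from the router's own pages, judged by the Origin and Referer headers. The JSON-lines log format, the field names, the router address and the form path are all assumptions constructed for the example.

```python
import json
from urllib.parse import urlsplit

GOFORM_PREFIX = "/goform/"  # URI prefix named in the advisory

def source_host(entry):
    """Host of the page that initiated the request (Origin, then Referer), or None."""
    for header in ("origin", "referer"):
        value = entry.get(header)
        if value and value != "null":
            return urlsplit(value).netloc.lower() or None
    return None

def classify(entry):
    """Return None for non-/goform/ requests, otherwise a verdict string."""
    if not urlsplit(entry["path"]).path.lower().startswith(GOFORM_PREFIX):
        return None
    src = source_host(entry)
    if src is None:
        return "no-origin-info"   # headers absent or stripped: review manually
    if src == entry["host"].lower():
        return "same-origin"      # submitted from the router's own pages
    return "cross-site"           # initiated by a page on another origin

def suspicious_goform_requests(log_lines):
    """Return (ts, method, path, verdict) for /goform/ requests not shown to be same-origin."""
    hits = []
    for line in log_lines:
        if not line.strip():
            continue
        entry = json.loads(line)
        verdict = classify(entry)
        if verdict in ("cross-site", "no-origin-info"):
            hits.append((entry["ts"], entry["method"], entry["path"], verdict))
    return hits

# Constructed sample log: assumed format, made-up host, path and origins.
SAMPLE_LOG = [
    '{"ts": "2020-03-13T10:00:01Z", "method": "POST", "host": "192.168.0.1", "path": "/goform/ExampleForm", "origin": "http://192.168.0.1", "referer": "http://192.168.0.1/index.htm"}',
    '{"ts": "2020-03-13T10:05:42Z", "method": "POST", "host": "192.168.0.1", "path": "/goform/ExampleForm", "origin": "http://site.example", "referer": "http://site.example/page"}',
    '{"ts": "2020-03-13T10:06:10Z", "method": "GET", "host": "192.168.0.1", "path": "/index.htm", "referer": "http://site.example/page"}',
    '{"ts": "2020-03-13T10:07:30Z", "method": "POST", "host": "192.168.0.1", "path": "/goform/ExampleForm"}',
]

if __name__ == "__main__":
    for hit in suspicious_goform_requests(SAMPLE_LOG):
        print(*hit)
```

A "no-origin-info" result is not proof of forgery, since some clients omit both headers; it marks requests that need manual review.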
Exploit
Fix
CSRF
Affected Products
Netgear Cg3700B