Vulnerability Description
NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Wnr3500U Firmware | 1.2.2.44_35.0.53na |
| Netgear | Wnr3500U | - |
| Netgear | Wnr3500L Firmware | 1.2.2.44_35.0.53na |
| Netgear | Wnr3500L | - |
Related Weaknesses (CWE)
References
- https://www.ise.io/casestudies/exploiting-soho-routers/Third Party Advisory
- https://www.ise.io/research/studies-and-papers/netgear_wnr3500/ExploitMitigationThird Party Advisory
- https://www.ise.io/soho_service_hacks/Third Party Advisory
- https://www.ise.io/casestudies/exploiting-soho-routers/Third Party Advisory
- https://www.ise.io/research/studies-and-papers/netgear_wnr3500/ExploitMitigationThird Party Advisory
- https://www.ise.io/soho_service_hacks/Third Party Advisory
FAQ
What is CVE-2013-3516?
CVE-2013-3516 is a vulnerability with a CVSS score of 6.5 (MEDIUM). NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.
How severe is CVE-2013-3516?
CVE-2013-3516 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3516?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Wnr3500U Firmware, Netgear Wnr3500U, Netgear Wnr3500L Firmware, Netgear Wnr3500L.