ID
VAR-E-201304-0008
CVE
| cve_id: | CVE-2013-3069 | Trust: 0.3 |
TITLE
NetGear WNDR4700 CVE-2013-3069 Cross-Site Scripting Vulnerability
Trust: 0.3
DESCRIPTION
NetGear WNDR4700 is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
NetGear WNDR4700 running firmware 1.0.0.34 is vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | netgear | model: | wndr4700 | scope: | eq | version: | 1.0.0.34 | Trust: 0.3 |
EXPLOIT
An attacker can exploit this issue by enticing an unsuspecting user to follow a URI.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Jacob Holcomb of Independent Security Evaluators
Trust: 0.3
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-3069 | Trust: 0.3 |
| db: | BID | id: | 59306 | Trust: 0.3 |
REFERENCES
| url: | http://securityevaluators.com/content/case-studies/routers/netgear_wndr4700.jsp | Trust: 0.3 |
| url: | http://www.netgear.com/wndr4700# | Trust: 0.3 |
SOURCES
| db: | BID | id: | 59306 |
LAST UPDATE DATE
2022-07-27T09:32:53.852000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 59306 | date: | 2013-04-17T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 59306 | date: | 2013-04-17T00:00:00 |