Sign-up

ID

VAR-202003-0787


CVE

CVE-2019-13393


TITLE

NETGEAR CG3700b Authentication vulnerabilities in custom firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-014971

DESCRIPTION

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase. NETGEAR CG3700b Custom firmware contains an authentication vulnerability.Information may be obtained. NETGEAR CG3700b is a cable modem and router from NETGEAR. Voo branded NETGEAR CG3700b has an authorization issue vulnerability

Trust: 2.16

sources: NVD: CVE-2019-13393 // JVNDB: JVNDB-2019-014971 // CNVD: CNVD-2020-20982

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20982

AFFECTED PRODUCTS

vendor:netgearmodel:cg3700bscope:eqversion:2.02.03

Trust: 2.4

sources: CNVD: CNVD-2020-20982 // JVNDB: JVNDB-2019-014971 // NVD: CVE-2019-13393

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13393
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014971
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-20982
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-843
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-13393
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014971
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-20982
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-13393
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014971
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-20982 // JVNDB: JVNDB-2019-014971 // CNNVD: CNNVD-202003-843 // NVD: CVE-2019-13393

PROBLEMTYPE DATA

problemtype:CWE-1188

Trust: 1.0

problemtype:CWE-287

Trust: 0.8

sources: JVNDB: JVNDB-2019-014971 // NVD: CVE-2019-13393

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-843

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202003-843

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014971

PATCH
title:C3700 - N600 WiFi Cable Modem Routerurl:https://www.netgear.com/support/product/C3700.aspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-014971

EXTERNAL IDS
db:NVDid:CVE-2019-13393
Trust: 3.0
db:JVNDBid:JVNDB-2019-014971
Trust: 0.8
db:CNVDid:CNVD-2020-20982
Trust: 0.6
db:CNNVDid:CNNVD-202003-843
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20982 // 
            
            
            
            JVNDB: JVNDB-2019-014971 // 
            
            
            
            CNNVD: CNNVD-202003-843 // 
            
            
            
            NVD: CVE-2019-13393

REFERENCES
url:https://www.doyler.net/security-not-included/voo-netgear-cg3700b-vulnerabilities
Trust: 3.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-13393
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13393
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-20982 // 
            
            
            
            JVNDB: JVNDB-2019-014971 // 
            
            
            
            CNNVD: CNNVD-202003-843 // 
            
            
            
            NVD: CVE-2019-13393

SOURCES
db:CNVDid:CNVD-2020-20982
db:JVNDBid:JVNDB-2019-014971
db:CNNVDid:CNNVD-202003-843
db:NVDid:CVE-2019-13393

LAST UPDATE DATE
2024-11-23T22:37:31.136000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-20982date:2020-04-02T00:00:00
db:JVNDBid:JVNDB-2019-014971date:2020-03-31T00:00:00
db:CNNVDid:CNNVD-202003-843date:2021-03-23T00:00:00
db:NVDid:CVE-2019-13393date:2024-11-21T04:24:51.020

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-20982date:2020-04-02T00:00:00
db:JVNDBid:JVNDB-2019-014971date:2020-03-31T00:00:00
db:CNNVDid:CNNVD-202003-843date:2020-03-13T00:00:00
db:NVDid:CVE-2019-13393date:2020-03-13T18:15:12.637