ID

VAR-202003-0789


CVE

CVE-2019-13395


TITLE

Voo branded NETGEAR CG3700b cross-site request forgery vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-20981 // CNNVD: CNNVD-202003-844

DESCRIPTION

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file. A cross-site request forgery vulnerability exists in the NETGEAR CG3700b custom firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR CG3700b is a cable modem and router from NETGEAR. The vulnerability stems from the fact that the network system or product does not fully verify the source or authenticity of the data. An attacker can use the forged data to attack

Trust: 2.16

sources: NVD: CVE-2019-13395 // JVNDB: JVNDB-2019-014967 // CNVD: CNVD-2020-20981

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20981

AFFECTED PRODUCTS

vendor: netgear, model: cg3700b, scope: eq, version: 2.02.03

Trust: 2.4

sources: CNVD: CNVD-2020-20981 // JVNDB: JVNDB-2019-014967 // NVD: CVE-2019-13395

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13395
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014967
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-20981
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-844
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-13395
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014967
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-20981
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-13395
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014967
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-20981 // JVNDB: JVNDB-2019-014967 // CNNVD: CNNVD-202003-844 // NVD: CVE-2019-13395

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2019-014967 // NVD: CVE-2019-13395

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-844

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202003-844

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014967

PATCH

title: C3700 - N600 WiFi Cable Modem Router, url: https://www.netgear.com/support/product/C3700.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2019-014967

EXTERNAL IDS

db: NVD, id: CVE-2019-13395

Trust: 3.0

db: JVNDB, id: JVNDB-2019-014967

Trust: 0.8

db: CNVD, id: CNVD-2020-20981

Trust: 0.6

db: CNNVD, id: CNNVD-202003-844

Trust: 0.6

sources: CNVD: CNVD-2020-20981 // JVNDB: JVNDB-2019-014967 // CNNVD: CNNVD-202003-844 // NVD: CVE-2019-13395

REFERENCES

url: https://www.doyler.net/security-not-included/voo-netgear-cg3700b-vulnerabilities

Trust: 3.0

url: https://nvd.nist.gov/vuln/detail/cve-2019-13395

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13395

Trust: 0.8

sources: CNVD: CNVD-2020-20981 // JVNDB: JVNDB-2019-014967 // CNNVD: CNNVD-202003-844 // NVD: CVE-2019-13395

SOURCES

db: CNVD, id: CNVD-2020-20981
db: JVNDB, id: JVNDB-2019-014967
db: CNNVD, id: CNNVD-202003-844
db: NVD, id: CVE-2019-13395

LAST UPDATE DATE

2024-11-23T22:58:20.585000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-20981, date: 2020-04-02T00:00:00
db: JVNDB, id: JVNDB-2019-014967, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-844, date: 2021-03-23T00:00:00
db: NVD, id: CVE-2019-13395, date: 2024-11-21T04:24:51.293

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-20981, date: 2020-04-02T00:00:00
db: JVNDB, id: JVNDB-2019-014967, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-844, date: 2020-03-13T00:00:00
db: NVD, id: CVE-2019-13395, date: 2020-03-13T18:15:12.763