CVE-2019-13395

2020-03-1317:24:30

mitre

www.cve.org

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.0%

JSON

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file.

References

www.doyler.net/security-not-included/voo-netgear-cg3700b-vulnerabilities