Cross site request forgery (csrf)

2020-03-1318:15:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.0%

JSON

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file.

CPENameOperatorVersion
cg3700b_firmwareeq2.02.03

CPE	Name	Operator	Version
	cg3700b_firmware	eq	2.02.03

References

www.doyler.net/security-not-included/voo-netgear-cg3700b-vulnerabilities