EUVD-2019-4888

Malware in sbrugna...

EUVD-2019-4887

Malware in sbrugna...

CVE-2019-13394

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...

Voo branded NETGEAR CG3700b Authorization Issues Vulnerability

The NETGEAR CG3700b is a cable modem and router from NETGEAR. An authorization issue vulnerability exists in the Voo branded NETGEAR CG3700b that stems from the use of the same default 8-character passphrase for the management console and WPA2 pre-shared key, which can be exploited by an attacker...

CVE-2019-13394

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...

CVE-2019-13395

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file...

CVE-2019-13393

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...

CVE-2019-13394

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...

CVE-2019-13395

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file...

CVE-2019-13393

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...

Design/Logic Flaw

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...

Cross site request forgery (csrf)

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file...

Authentication flaw

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...

CVE-2019-13393

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...

CVE-2019-13393

Affected product: Voo-branded NETGEAR CG3700b with custom firmware V2.02.03. Issue: same default 8-character passphrase used for both the administrative console and the WPA2 pre-shared key. Root cause: credential reuse enables exposure of management/admin access and wireless PSK. Exploitation pat...

CVE-2019-13394

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...

CVE-2019-13394

The CVE-2019-13394 entry affects the Voo-branded NETGEAR CG3700b custom firmware (V2.02.03). The vulnerability is that HTTP Basic Authentication is used over cleartext HTTP, causing credentials to be transmitted unencrypted. This exposes confidentiality (and potentially integrity) of credentials ...

CVE-2019-13395

CVE-2019-13395: The Voo-branded NETGEAR CG3700b custom firmware (v2.02.03) is vulnerable to CSRF against all /goform/ URIs. An attacker could modify settings (including WEP/WPA/WPA2 keys), reset the router to factory defaults, or upload a malicious configuration file. Multiple connected sources c...

Voo Branded Netgear CG3700b Firmware CSRF / Authentication

CVEs pending, screenshots and further examples available soon on my site. Cross-Site Request Forgery CSRF on all form POSTs --------------------------------------------------------------------------------- The Voo branded Netgear CG3700b custom firmware newest version, V2.02.03 allows a...