CVE-2013-3069
NETGEAR WNDR4700 1.0.0.34 Authenticated XSS via NAS/User/USB/Wireless Setup
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/92557
Exploit x_refsource_misc
http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf
Scores
EPSS
0.0016
EPSS Percentile
36.3%
Details
CWE
CWE-79
Status
published
Products (2)
netgear/wndr4700
netgear/wndr4700_firmware
1.0.0.34
Published
Apr 25, 2014
Tracked Since
Feb 18, 2026