CVE-2013-3516
MEDIUMNETGEAR WNR3500U and WNR3500L - Cross-Site Request Forgery via Predictable Form Tokens
Title source: llmDescription
NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://www.ise.io/casestudies/exploiting-soho-routers/
Third Party Advisory x_refsource_misc
https://www.ise.io/soho_service_hacks/
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://www.ise.io/research/studies-and-papers/netgear_wnr3500/
Scores
CVSS v3
6.5
EPSS
0.0022
EPSS Percentile
44.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-352
Status
published
Products (2)
netgear/wnr3500l_firmware
1.2.2.44_35.0.53na
netgear/wnr3500u_firmware
1.2.2.44_35.0.53na
Published
Nov 13, 2019
Tracked Since
Feb 18, 2026