CVE-2013-3516

NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.ise.io/casestudies/exploiting-soho-routers/	Third Party Advisory
https://www.ise.io/research/studies-and-papers/netgear_wnr3500/	Exploit Mitigation Third Party Advisory
https://www.ise.io/soho_service_hacks/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:wnr3500u_firmware:1.2.2.44_35.0.53na:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr3500u:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:wnr3500l_firmware:1.2.2.44_35.0.53na:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr3500l:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-11-13 20:15

Updated : 2023-12-10 13:13

NVD link : CVE-2013-3516

Mitre link : CVE-2013-3516

CVE.ORG link : CVE-2013-3516

JSON object : View

Products Affected

netgear

wnr3500u_firmware
wnr3500l
wnr3500u
wnr3500l_firmware

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2013-3516", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-11-13T20:15:10.737", "references": [{"url": "https://www.ise.io/casestudies/exploiting-soho-routers/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.ise.io/research/studies-and-papers/netgear_wnr3500/", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.ise.io/soho_service_hacks/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens."}, {"lang": "es", "value": "Los routers NETGEAR WNR3500U y WNR3500L usan tokens de formulario basados ??\u00fanicamente en la fecha y hora actuales del router, lo que permite a atacantes adivinar los tokens de tipo CSRF."}], "lastModified": "2019-11-18T17:20:49.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wnr3500u_firmware:1.2.2.44_35.0.53na:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46A1349F-15D7-4D75-A154-1E87A3422DD2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wnr3500u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "722C5F3C-5737-425F-B4B1-185387674C37"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wnr3500l_firmware:1.2.2.44_35.0.53na:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD2086ED-EBE8-4D04-B6A2-E920306259C7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wnr3500l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "30A92EDA-46B6-4C2E-AC05-A192FFA90B85"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}