CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2013-3516
https://notcve.org/view.php?id=CVE-2013-3516
13 Nov 2019 — NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens. Los routers NETGEAR WNR3500U y WNR3500L usan tokens de formulario basados ??únicamente en la fecha y hora actuales del router, lo que permite a atacantes adivinar los tokens de tipo CSRF. • https://www.ise.io/casestudies/exploiting-soho-routers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2013-3517
https://notcve.org/view.php?id=CVE-2013-3517
13 Nov 2019 — Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en NETGEAR WNR3500U y WNR3500L. • https://www.ise.io/casestudies/exploiting-soho-routers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4657
https://notcve.org/view.php?id=CVE-2013-4657
13 Nov 2019 — Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. Una vulnerabilidad de Salto de Enlace Simbólico en NETGEAR WNR3500U y WNR3500L, debido a una configuración inapropiada en el servicio SMB. • https://www.ise.io/soho_service_hacks • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •