Search Results (Refine Search)
- CPE Product Version: cpe:/h:netgear:wnr3500l:-
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-3516 |
NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens. Published: November 13, 2019; 3:15:10 PM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-3517 |
Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L. Published: November 13, 2019; 2:15:11 PM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2013-4657 |
Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. Published: November 13, 2019; 1:15:10 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-17372 |
Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L. Published: October 09, 2019; 9:15:16 AM -0400 |
V3.1: 8.1 HIGH V2.0: 4.3 MEDIUM |