Multiple Cross-Site Scripting Flaws in NETGEAR WNDR4700
CVE-2013-3069

Currently unrated

Key Information:

Vendor: Netgear
Status: Wndr4700 Firmware; Wndr4700
Vendor: CVE Published:; 25 April 2014

Summary

The NETGEAR WNDR4700 router, specifically firmware version 1.0.0.34, contains multiple vulnerabilities that allow remote authenticated users to exploit cross-site scripting (XSS) flaws. Attackers can inject arbitrary web scripts or HTML by interacting with the NAS User Setup page, the USB_advanced.htm page, and the Wireless Setup page. This can potentially lead to unauthorized access and manipulation of sensitive data, emphasizing the need for prompt security updates.

References

http://securityevaluators.com/knowledge/case_studies/rout...

x_refsource_MISC

http://osvdb.org/92557

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Apr 25, 2014
Vulnerability Reserved
Apr 15, 2013