CVE-2013-0717

Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
necatermwm3450rn
-
necatermwm3600r
-
necatermwr8160n
-
necatermwr8370n
-
necatermwr8600n
-
necatermwr9500n
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jpn.nec.com/security-info/secinfo/nv13-005.html
http://jvn.jp/en/jp/JVN59503133/6443/index.html
http://jvn.jp/en/jp/JVN59503133/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000024
http://jpn.nec.com/security-info/secinfo/nv13-005.html
http://jvn.jp/en/jp/JVN59503133/6443/index.html
http://jvn.jp/en/jp/JVN59503133/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000024