Strix
26.1K

CVE-2019-13393

HIGHCVSS 7.5/10EPSS 1.24%

Last modified

CVE-2019-13393 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase.. EPSS estimates a 1.24% chance of exploitation in the next 30 days.

Description

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
1.24%

65.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
NetgearCg3700b Firmware2.02.03

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-13393?
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase.
How severe is CVE-2019-13393?
CVE-2019-13393 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.24% probability of exploitation in the next 30 days.
How do I fix CVE-2019-13393?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-13393?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST