CVE-2013-0717

Published: Mar 19, 2013Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.

Affected (6)

Products: Nec: Atermwm3450rn, Atermwm3600r, Atermwr8160n, Atermwr8370n, Atermwr8600n, Atermwr9500n

6 products

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Nec Atermwm3450rn	All versions
Nec Atermwm3600r	All versions
Nec Atermwr8160n	All versions
Nec Atermwr8370n	All versions
Nec Atermwr8600n	All versions
Nec Atermwr9500n	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

http://jpn.nec.com/security-info/secinfo/nv13-005.html

Source: vultures@jpcert.or.jp

http://jvn.jp/en/jp/JVN59503133/6443/index.html

Source: vultures@jpcert.or.jp

http://jvn.jp/en/jp/JVN59503133/index.html

Source: vultures@jpcert.or.jp

http://jvndb.jvn.jp/jvndb/JVNDB-2013-000024

Source: vultures@jpcert.or.jp

http://jpn.nec.com/security-info/secinfo/nv13-005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://jvn.jp/en/jp/JVN59503133/6443/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://jvn.jp/en/jp/JVN59503133/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://jvndb.jvn.jp/jvndb/JVNDB-2013-000024

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.