Posted by dev on Apr 26

CVEs pending, screenshots and further examples available soon on my site.

Cross-Site Request Forgery (CSRF) on all form POSTs
———————————————————————————
The Voo branded Netgear CG3700b custom firmware (newest version, V2.02.03)
allows a (context-dependent) attacker to perform a Cross-Site Request
Forgery (CSRF) attack on all configuration setting
(/goform/<settingspage>) page POST…