Lucene search
MitreCVELIST:CVE-2019-12510HistoryFeb 24, 2020 - 6:16 p.m.
CVE-2019-12510 Auth Bypass Via X-Forwarded-For Header in SOAP API
2020-02-2418:16:22
mitre
www.cve.org
3
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device’s “NETGEAR Genie” SOAP API (“/soap/server_sa”) by supplying a malicious X-Forwarded-For header of the device’s LAN IP address (192.168.1.1) in every request. As a result, an attacker may modify almost all of the device’s settings and view various configuration settings.
Related
prion
prion
Authentication flaw
2020-02-24 19:15:00
Spoofing
2020-02-24 19:15:00
cve
cve
CVE-2019-12510
2020-02-24 19:15:13
CVE-2019-12511
2020-02-24 19:15:13
nvd
nvd
CVE-2019-12510
2020-02-24 19:15:13
CVE-2019-12511
2020-02-24 19:15:13
cvelist
cvelist
CVE-2019-12511 Root Command Injection via MAC Address in SOAP API
2020-02-24 18:16:26