Design/Logic Flaw

2019-10-1611:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.072 Low

EPSS

Percentile

94.1%

NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.

CPENameOperatorVersion
jnr1010_firmwarelt1.0.0.32

CPE	Name	Operator	Version
	jnr1010_firmware	lt	1.0.0.32

References

cybersecurityworks.com/zerodays/cve-2016-11014-netgear.html

github.com/cybersecurityworks/Disclosed/issues/14

khalil-shreateh.com/khalil.shtml/it-highlights/593-Netgear-1.0.0.24-Bypass---Improper-Session-Management--.html

lists.openwall.net/full-disclosure/2016/01/11/5

packetstormsecurity.com/files/135216/Netgear-1.0.0.24-Bypass-Improper-Session-Management.html