3 matches found
CVE-2019-12511
In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled...
CVE-2019-12511 Root Command Injection via MAC Address in SOAPĀ API
In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled...
CVE-2019-12511
Affected product: NETGEAR Nighthawk X10-R9000 with firmware before 1.0.4.26. CVE-2019-12511 enables arbitrary root commands by sending a crafted MAC to the NETGEAR Genie SOAP endpoint AdvancedQoS:GetCurrentBandwidthByMAC; exploitation requires QoS and advanced QoS enabled and a valid JWT. It is l...