Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:28 a.m.22 views

CVE-2019-12510

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API "/soap/serversa" by supplying a malicious X-Forwarded-For header of the device's LAN IP address 192.168.1.1 in every request. As a result, an attacker may...

9.1CVSS7AI score0.00711EPSS
Exploits1References1
NVD
NVD
added 2020/02/24 7:15 p.m.12 views

CVE-2019-12513

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious...

6.1CVSS6AI score0.00819EPSS
Exploits1References1
NVD
NVD
added 2020/02/24 7:15 p.m.10 views

CVE-2019-12512

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanc...

6.1CVSS6.1AI score0.0095EPSS
Exploits1References1
NVD
NVD
added 2020/02/24 7:15 p.m.25 views

CVE-2019-12510

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API "/soap/serversa" by supplying a malicious X-Forwarded-For header of the device's LAN IP address 192.168.1.1 in every request. As a result, an attacker may...

9.1CVSS9.6AI score0.00711EPSS
Exploits1References1
Prion
Prion
added 2020/02/24 7:15 p.m.14 views

Cross site scripting

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious...

4.3CVSS6AI score0.00819EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/02/24 7:15 p.m.20 views

Authentication flaw

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API "/soap/serversa" by supplying a malicious X-Forwarded-For header of the device's LAN IP address 192.168.1.1 in every request. As a result, an attacker may...

6.4CVSS9.5AI score0.00711EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/02/24 7:15 p.m.20 views

Cross site scripting

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanc...

4.3CVSS6AI score0.0095EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/02/24 6:16 p.m.46 views

CVE-2019-12513

The CVE-2019-12513 issue affects NETGEAR Nighthawk X10-R900 (firmware prior to 1.0.4.24). A malicious DHCP Discover containing a crafted hostname can trigger a stored XSS: the device logs the hostname in an Administration Logs entry, which attackers can view to execute the payload. Vulnerability ...

6.1CVSS6AI score0.00819EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/02/24 6:16 p.m.14 views

CVE-2019-12513 Stored XSS via DHCP Discover Request Hostname

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious...

6AI score0.00819EPSS
Exploits1References1
CVE
CVE
added 2020/02/24 6:16 p.m.54 views

CVE-2019-12512

Affected product: NETGEAR Nighthawk X10-R900 router with firmware prior to 1.0.4.24. Vulnerability: stored XSS via a malicious X-Forwarded-For header during an incorrect login attempt. The crafted header value is written into administrative logs (Advanced settings → Administration → Logs) and can...

6.1CVSS6AI score0.0095EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/02/24 6:16 p.m.24 views

CVE-2019-12510 Auth Bypass Via X-Forwarded-For Header in SOAP API

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API "/soap/serversa" by supplying a malicious X-Forwarded-For header of the device's LAN IP address 192.168.1.1 in every request. As a result, an attacker may...

9.4AI score0.00711EPSS
Exploits1References1
CVE
CVE
added 2020/02/24 6:16 p.m.56 views

CVE-2019-12510

Netgear Nighthawk X10-R9000 devices with firmware

9.1CVSS9.6AI score0.00711EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder