Lucene search
K

5 matches found

CNVD
CNVD
•added 2020/02/25 12:0 a.m.•3 views

NETGEAR Nighthawk X10-R9000 Cross-Site Scripting Vulnerability

The NETGEAR Nighthawk X10-R9000 is a wireless router from NETGEAR. A cross-site scripting vulnerability exists in the NETGEAR Nighthawk X10-R9000 using firmware prior to version 1.0.4.24. The vulnerability stems from a lack of proper validation of client data by the WEB application. An attacker c...

6.1CVSS6.4AI score0.00819EPSS
Exploits1References1
NVD
NVD
•added 2020/02/24 7:15 p.m.•20 views

CVE-2019-12511

In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled...

9.8CVSS10AI score0.02267EPSS
Exploits1References1
Prion
Prion
•added 2020/02/24 7:15 p.m.•23 views

Spoofing

In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled...

9.3CVSS10AI score0.02267EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
•added 2020/02/24 6:16 p.m.•23 views

CVE-2019-12511 Root Command Injection via MAC Address in SOAPĀ API

In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled...

10AI score0.02267EPSS
Exploits1References1
CVE
CVE
•added 2020/02/24 6:16 p.m.•58 views

CVE-2019-12511

Affected product: NETGEAR Nighthawk X10-R9000 with firmware before 1.0.4.26. CVE-2019-12511 enables arbitrary root commands by sending a crafted MAC to the NETGEAR Genie SOAP endpoint AdvancedQoS:GetCurrentBandwidthByMAC; exploitation requires QoS and advanced QoS enabled and a valid JWT. It is l...

9.8CVSS10AI score0.02267EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder