5 matches found
NETGEAR Nighthawk X10-R9000 Cross-Site Scripting Vulnerability
The NETGEAR Nighthawk X10-R9000 is a wireless router from NETGEAR. A cross-site scripting vulnerability exists in the NETGEAR Nighthawk X10-R9000 using firmware prior to version 1.0.4.24. The vulnerability stems from a lack of proper validation of client data by the WEB application. An attacker c...
CVE-2019-12511
In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled...
Spoofing
In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled...
CVE-2019-12511 Root Command Injection via MAC Address in SOAPĀ API
In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled...
CVE-2019-12511
Affected product: NETGEAR Nighthawk X10-R9000 with firmware before 1.0.4.26. CVE-2019-12511 enables arbitrary root commands by sending a crafted MAC to the NETGEAR Genie SOAP endpoint AdvancedQoS:GetCurrentBandwidthByMAC; exploitation requires QoS and advanced QoS enabled and a valid JWT. It is l...