An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entire...
8.1CVSS
8AI Score
0.001EPSS
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication.
9.8CVSS
9.5AI Score
0.012EPSS
NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of administrative credentials.
6.5CVSS
6.5AI Score
0.001EPSS
NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of sensitive information.
7.5CVSS
7.4AI Score
0.002EPSS
NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of access control at the function level.
9.8CVSS
9.4AI Score
0.003EPSS