Nighthawk X10-r9000 Firmware Security Vulnerabilities and Issues — Nighthawk X10-r9000 Firmware CVE List

Lucene search

NetgearNighthawk X10-r9000 Firmware

4 matches found

CVE•added 2020/02/24 7:15 p.m.•45 views

CVE-2019-12511

In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled, ...

9.8CVSS10AI score0.00431EPSS

CVE•added 2020/02/24 7:15 p.m.•42 views

CVE-2019-12510

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a result, an attacker may ...

9.1CVSS9.6AI score0.00071EPSS

CVE•added 2020/02/24 7:15 p.m.•40 views

CVE-2019-12512

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanced...

6.1CVSS6AI score0.0033EPSS

CVE•added 2020/02/24 7:15 p.m.•33 views

CVE-2019-12513

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious hostn...

6.1CVSS6AI score0.00328EPSS