Cross-Site Request Forgery in NETGEAR JNR1010 Devices
CVE-2016-11015

6.5MEDIUM

Key Information:

Vendor

Netgear
Status
Jnr1010 Firmware
Vendor
CVE Published:
16 October 2019

What is CVE-2016-11015?

The NETGEAR JNR1010 devices prior to version 1.0.0.32 are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that allows unauthorized modification of the device's URL filter settings. This vulnerability can be exploited through a specially crafted request sent to the device’s web interface, which may lead to the alteration of the BlackList URL parameter, thus compromising the security and functionality of the affected devices.

References

https://lists.openwall.net/full-disclosure/2016/01/11/4
x_refsource_MISC
https://github.com/cybersecurityworks/Disclosed/issues/13
x_refsource_MISC
https://packetstormsecurity.com/files/135215/Netgear-1.0....
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.