Cross-Site Scripting Vulnerability in NETGEAR JNR1010 Devices
CVE-2016-11016

6.1MEDIUM

Key Information:

Vendor
Netgear
Status
Jnr1010 Firmware
Vendor
CVE Published:
16 October 2019

Summary

NETGEAR JNR1010 devices prior to version 1.0.0.32 are susceptible to Cross-Site Scripting (XSS) attacks via the webproc interface. An attacker can exploit this vulnerability by injecting malicious scripts into web pages viewed by users, potentially allowing unauthorized access to sensitive information or manipulation of web content. Users are advised to update to the latest firmware version to mitigate the risks associated with this security flaw.

References

https://lists.openwall.net/full-disclosure/2016/01/11/1
x_refsource_MISC
https://github.com/cybersecurityworks/Disclosed/issues/12
x_refsource_MISC
https://packetstormsecurity.com/files/135194/Netgear-1.0....
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.