CVE-2019-14527

Опубликовано: 14 авг. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication.

Ссылки

https://www.pentestpartners.com/security-blog/how-not-to-do-cross-site-request-forgery-protection-the-netgear-nighthawk-m1/
Exploit
Third Party Advisory
https://www.bleepingcomputer.com/news/security/4g-router-vulnerabilities-let-attackers-take-full-control/
Press/Media Coverage
Third Party Advisory
https://www.pentestpartners.com/security-blog/how-not-to-do-cross-site-request-forgery-protection-the-netgear-nighthawk-m1/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:netgear:mr1100_firmware:*:*:*:*:*:*:*:*

Версия до 12.06.03 (исключая)

cpe:2.3:h:netgear:mr1100:-:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00647

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-jq36-wchh-wc44