Ghost_Fh

Name of the Vulnerable Software and Affected Versions: NETGEAR WC7500 versions prior to 6.5.5.24 NETGEAR WC7600 versions prior to 6.5.5.24 NETGEAR WC7600v2 versions prior to 6.5.5.24 NETGEAR WC9500 versions prior to 6.5.5.24 Description: The issue is related to insufficient input data validation, which can be exploited to execute arbitrary commands by an authenticated user. This allows an attacker to potentially gain control over the affected devices. Recommendations: For NETGEAR WC7500 versions prior to 6.5.5.24, update to version 6.5.5.24 or later. For NETGEAR WC7600 versions prior to 6.5.5.24, update to version 6.5.5.24 or later. For NETGEAR WC7600v2 versions prior to 6.5.5.24, update to version 6.5.5.24 or later. For NETGEAR WC9500 versions prior to 6.5.5.24, update to version 6.5.5.24 or later.

Name of the Vulnerable Software and Affected Versions: NETGEAR WC7500 versions prior to 6.5.5.24 NETGEAR WC7600 versions prior to 6.5.5.24 NETGEAR WC7600v2 versions prior to 6.5.5.24 NETGEAR WC9500 versions prior to 6.5.5.24 Description: The issue is related to stored XSS and is caused by the failure to protect the web page structure. This could allow a remote attacker to perform cross-site scripting attacks. Recommendations: For NETGEAR WC7500 versions prior to 6.5.5.24, update to version 6.5.5.24 or later. For NETGEAR WC7600 versions prior to 6.5.5.24, update to version 6.5.5.24 or later. For NETGEAR WC7600v2 versions prior to 6.5.5.24, update to version 6.5.5.24 or later. For NETGEAR WC9500 versions prior to 6.5.5.24, update to version 6.5.5.24 or later.

**Name of the Vulnerable Software and Affected Versions** rConfig version 3.9.4 **Description** The issue is related to cross-site request forgery (CSRF) due to the lack of CSRF protection, such as a CSRF token. An attacker can exploit this by creating a form to add, delete, or edit a user. **Recommendations** For rConfig version 3.9.4, consider implementing CSRF protection, such as a CSRF token, to prevent cross-site request forgery attacks. As a temporary workaround, restrict access to user management functions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CSRF Magic library through 2016-03-27 **Description** The issue in the CSRF Magic library allows a remote attacker to bypass CSRF protection by tampering with the csrf token values. This can be exploited by crafting a malicious page and dispersing it to a victim via social engineering, enticing them to click the link. However, a third-party maintainer has disputed this, stating that the `csrf callback` function is a callback to the caller's own handler for output and can be changed via configuration. They claim that an attacker cannot change tokens to make them valid from the client side, and the only possible action is to pull the token out of the javascript, which is always possible and unrelated to the callback. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.