PT-2019-13733 · NetGear · Netgear Nighthawk M1

G Richter · Published 2019-08-14 · Updated 2019-08-27 · CVE-2019-14526

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

NETGEAR Nighthawk M1 (MR1100) versions prior to 12.06.03

Description

An issue allows the web-interface Cross-Site Request Forgery token to be stored in a dynamically generated JavaScript file. This token can be embedded in third-party pages and re-used against the Nighthawk web interface, bypassing the intended security benefits of the CSRF-protection token.

Recommendations

For versions prior to 12.06.03, update to version 12.06.03 or later to resolve the issue.

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2019-14526

Affected Products

Netgear Nighthawk M1