PT-2019-7807 · NetGear · Netgear Jnr1010

Sathish Kumar

Published

2019-10-16

Updated

2020-11-10

CVE-2016-11014

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NETGEAR JNR1010 versions prior to 1.0.0.32

Description The issue is related to Incorrect Access Control due to the ok value of the auth cookie being a special case.

Recommendations For versions prior to 1.0.0.32, update to version 1.0.0.32 or later to resolve the issue.

Exploit

Fix

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2016-11014

Netgear Jnr1010