CVE-2019-20487

Name of the Vulnerable Software and Affected Versions NETGEAR WNR1000V4 version 1.1.0.54

Description An issue was discovered in the WNR1000V4 web management console, where multiple actions are vulnerable to an unauthenticated GET request, which can be exploited directly or through CSRF, as demonstrated by the "setup.cgi?todo=save htp account" URI.

Recommendations For NETGEAR WNR1000V4 version 1.1.0.54, as a temporary workaround, consider restricting access to the web management console to minimize the risk of exploitation. Avoid using the setup.cgi endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.