NETGEAR JNR1010 devices before 1.0.0.32 Cross-Site Request Forgery (CSRF) Vulnerability

Summary

An attacker can cause victims to change any data the victim is allowed to change or perform any function the victim is authorized to use.

Credit:

The information has been provided by Sathish 

The original article can be found at: https://github.com/cybersecurityworks/Disclosed/issues/13

 


Details

NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.

NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.

Vulnerable Systems:

NETGEAR JNR1010 devices before 1.0.0.32 

CVE Information:

CVE-2016-11015

Disclosure Timeline:
Published Date:10/16/2019

Categories: News