Unrated severityNVD Advisory· Published Feb 24, 2020· Updated Aug 4, 2024
Auth Bypass Via X-Forwarded-For Header in SOAP API
CVE-2019-12510
Description
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a result, an attacker may modify almost all of the device's settings and view various configuration settings.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- NETGEAR/Nighthawk X10-R900description
- Range: <1.0.4.26
Patches
Vulnerability mechanics
References
1- www.ise.io/casestudies/sohopelessly-broken-2-0/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.