VYPR

Nighthawk X10-R900

by Netgear

CVEs (4)

  • CVE-2019-12513Feb 24, 2020
    risk 0.00cvss epss 0.01

    In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing…

  • CVE-2019-12512Feb 24, 2020
    risk 0.00cvss epss 0.01

    In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative…

  • CVE-2019-12511Feb 24, 2020
    risk 0.00cvss epss 0.02

    In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced…

  • CVE-2019-12510Feb 24, 2020
    risk 0.00cvss epss 0.01

    In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a…