Free Trial

NETGEAR JNR1010 devices before 1.0.0.32 hacks

http://pratergroup.co.uk/fire-damage-reinstatement/ Overview :
NETGEAR JNR1010 devices flaws
Vélez-Málaga Affected Product(s) :
  • Netgear Router JNR1010 Version 1.0.0.24
Vulnerability Details :
CVE ID : CVE-2016-11014
This flaw may allow a successful attacker to do anything gaining the privilege of the router being in LAN/WAN.
CVE ID : CVE-2016-11015
Using this flaw, an attacker can cause victims to change any data the victim is allowed to change or perform any function the victim is authorized to use.
CVE ID : CVE-2016-11016
Created a forged request changing the value of any variable, here it is *:InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL *variable in the URL http://router-ip/cgi-bin/webproc and sent it to victim forcing him/her to click on the malicious link

Solution :
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-6121 : NI SYSTEMLINK SERVER/FLEXLOGGER REDIS VULNERABLE THIRD-PARTY COMPONENT

CVE-2024-6121 : NI SYSTEMLINK SERVER/FLEXLOGGER REDIS VULNERABLE THIRD-PARTY COMPONENT

Description An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects

Learn more
CVE-2024-40634 : ARGOPROJ ARGO-CD UP TO 2.9.19/2.10.14/2.11.5 /API/WEBHOOK RESOURCE CONSUMPTION

CVE-2024-40634 : ARGOPROJ ARGO-CD UP TO 2.9.19/2.10.14/2.11.5 /API/WEBHOOK RESOURCE CONSUMPTION

Description Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo

Learn more
CVE-2024-39685 : FISHAUDIO BERT-VITS2 UP TO 2.3 RESAMPLE DATA_DIR OS COMMAND INJECTION

CVE-2024-39685 : FISHAUDIO BERT-VITS2 UP TO 2.3 RESAMPLE DATA_DIR OS COMMAND INJECTION

Description Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in

Learn more