NETGEAR JNR1010 devices before 1.0.0.32 hacks

Overview :
NETGEAR JNR1010 devices flaws
Affected Product(s) :
  • Netgear Router JNR1010 Version 1.0.0.24
Vulnerability Details :
CVE ID : CVE-2016-11014
This flaw may allow a successful attacker to do anything gaining the privilege of the router being in LAN/WAN.
CVE ID : CVE-2016-11015
Using this flaw, an attacker can cause victims to change any data the victim is allowed to change or perform any function the victim is authorized to use.
CVE ID : CVE-2016-11016
Created a forged request changing the value of any variable, here it is *:InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL *variable in the URL http://router-ip/cgi-bin/webproc and sent it to victim forcing him/her to click on the malicious link

Solution :
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-53490 : CLOUDFAVORITES FAVORITES-WEB 1.3.0 SECURITYFILTER.JAVA PATH TRAVERSAL

CVE-2024-53490 : CLOUDFAVORITES FAVORITES-WEB 1.3.0 SECURITYFILTER.JAVA PATH TRAVERSAL

Description Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java. References https://github.com/DYX217/directory-traversal For More Information CVERecord

CVE-2024-54679 : CYBERPANEL RESTARTMYSQL DENIAL OF SERVICE

CVE-2024-54679 : CYBERPANEL RESTARTMYSQL DENIAL OF SERVICE

Description CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions. References https://github.com/usmannasir/cyberpanel/commit/6778ad1eaae41f72365da8fd021f9a60369600dc For More

CVE-2024-38829 : VMWARE SPRING LDAP UP TO 2.4.3/3.0.9/3.1.7/3.2.7 STRING.TOLOWERCASE/STRING.TOUPPERCASE CASE SENSITIVITY

CVE-2024-38829 : VMWARE SPRING LDAP UP TO 2.4.3/3.0.9/3.1.7/3.2.7 STRING.TOLOWERCASE/STRING.TOUPPERCASE CASE SENSITIVITY

Description A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: