First published: Mon Feb 24 2020(Updated: )
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanced settings->Administration->Logs, and may trigger when the page is viewed. Although this value is inserted into a textarea tag, the attack simply needs to supply a closing textarea tag.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear Nighthawk X10-r9000 Firmware | <1.0.4.24 | |
NETGEAR Nighthawk X10-R9000 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-12512 is a vulnerability in NETGEAR Nighthawk X10-R900 prior to version 1.0.4.24 that allows an attacker to execute stored XSS attacks.
An attacker can exploit CVE-2019-12512 by supplying a malicious X-Forwarded-For header during an incorrect login attempt, which will be inserted into administrative logs.
CVE-2019-12512 has a severity rating of 6.1 (medium).
NETGEAR Nighthawk X10-R900 firmware versions prior to 1.0.4.24 are affected by CVE-2019-12512.
To fix CVE-2019-12512, update your NETGEAR Nighthawk X10-R900 firmware to version 1.0.4.24 or later.