First published: Wed Aug 14 2019(Updated: )
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entirely bypasses the intended security benefits of the use of a CSRF-protection token.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear Mr1100 Firmware | <12.06.03 | |
NETGEAR MR1100 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)