Vulnerability CVE-2016-11014
Published: 2019-10-16

Description:
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.

 References:
https://github.com/cybersecurityworks/Disclosed/issues/14
https://khalil-shreateh.com/khalil.shtml/it-highlights/593-Netgear-1.0.0.24-Bypass---Improper-Session-Management--.html
https://lists.openwall.net/full-disclosure/2016/01/11/5
https://packetstormsecurity.com/files/135216/Netgear-1.0.0.24-Bypass-Improper-Session-Management.html
Copyright 2024, cxsecurity.com

 

Back to Top