Mr1100 Firmware

mr1100_firmware

Vendor: Netgear • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-20679 1Netgear 1Mr1100 Firmware Nov 21, 2024 Apr 15, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of access control at the function level.
CVE-2019-20649 1Netgear 1Mr1100 Firmware Nov 21, 2024 Apr 15, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of sensitive information.
CVE-2019-20638 1Netgear 1Mr1100 Firmware Nov 21, 2024 Apr 15, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of administrative credentials.
CVE-2019-14527 1Netgear 1Mr1100 Firmware Nov 21, 2024 Aug 14, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication.
CVE-2019-14526 1Netgear 1Mr1100 Firmware Nov 21, 2024 Aug 14, 2019 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in...Show more An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entirely bypasses the intended security benefits of the use of a CSRF-protection token.Show less