CVE-2016-11014 β€” Insufficient Session Expiration in Netgear Jnr1010 Firmware

CWE-613 β€” Insufficient Session Expiration3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 36.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netgear Jnr1010 Firmware
Timeline
PublishedOct 16
Latest updateMay 24

Description

NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

β–ΆNVDnetgear/jnr1010_firmware< 1.0.0.32

πŸ”΄Vulnerability Details

2
GHSA
GHSA-xpqj-27x8-277f: NETGEAR JNR1010 devices before 1β†—2022-05-24
β–Ά
CVEList
CVE-2016-11014: NETGEAR JNR1010 devices before 1β†—2019-10-16
β–Ά
CVE-2016-11014 β€” Insufficient Session Expiration | cvebase