CVE-2016-11015 — Cross-Site Request Forgery in Netgear Jnr1010 Firmware

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 52.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedOct 16

Latest updateMay 24

Description

NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

GHSA

GHSA-5qvv-3hqr-m2r8: NETGEAR JNR1010 devices before 1↗2022-05-24

▶

CVEList

CVE-2016-11015: NETGEAR JNR1010 devices before 1↗2019-10-16

▶