Vulnerability Description
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Jnr1010 Firmware | < 1.0.0.32 |
| Netgear | Jnr1010 | - |
Related Weaknesses (CWE)
References
- https://cybersecurityworks.com/zerodays/cve-2016-11014-netgear.htmlExploitThird Party Advisory
- https://github.com/cybersecurityworks/Disclosed/issues/14ExploitThird Party Advisory
- https://khalil-shreateh.com/khalil.shtml/it-highlights/593-Netgear-1.0.0.24-BypaExploitThird Party Advisory
- https://lists.openwall.net/full-disclosure/2016/01/11/5ExploitMailing ListThird Party Advisory
- https://packetstormsecurity.com/files/135216/Netgear-1.0.0.24-Bypass-Improper-SeExploitThird Party AdvisoryVDB Entry
- https://cybersecurityworks.com/zerodays/cve-2016-11014-netgear.htmlExploitThird Party Advisory
- https://github.com/cybersecurityworks/Disclosed/issues/14ExploitThird Party Advisory
- https://khalil-shreateh.com/khalil.shtml/it-highlights/593-Netgear-1.0.0.24-BypaExploitThird Party Advisory
- https://lists.openwall.net/full-disclosure/2016/01/11/5ExploitMailing ListThird Party Advisory
- https://packetstormsecurity.com/files/135216/Netgear-1.0.0.24-Bypass-Improper-SeExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2016-11014?
CVE-2016-11014 is a vulnerability with a CVSS score of 9.8 (CRITICAL). NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.
How severe is CVE-2016-11014?
CVE-2016-11014 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-11014?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Jnr1010 Firmware, Netgear Jnr1010.