1. Home
  2. CVE Database
  3. CVE-2019-12510
CRITICAL · 9.1

CVE-2019-12510

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For ...

Vulnerability Description

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a result, an attacker may modify almost all of the device's settings and view various configuration settings.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
NetgearNighthawk X10-R9000 Firmware< 1.0.4.26
NetgearNighthawk X10-R9000-

Related Weaknesses (CWE)

CWE-345

References

FAQ

What is CVE-2019-12510?

CVE-2019-12510 is a vulnerability with a CVSS score of 9.1 (CRITICAL). In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For ...

How severe is CVE-2019-12510?

CVE-2019-12510 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-12510?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Nighthawk X10-R9000 Firmware, Netgear Nighthawk X10-R9000.