Vulnerability Description
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Mr1100 Firmware | < 12.06.03 |
| Netgear | Mr1100 | - |
Related Weaknesses (CWE)
References
- https://www.pentestpartners.com/security-blog/how-not-to-do-cross-site-request-fExploitThird Party Advisory
- https://www.bleepingcomputer.com/news/security/4g-router-vulnerabilities-let-attPress/Media CoverageThird Party Advisory
- https://www.pentestpartners.com/security-blog/how-not-to-do-cross-site-request-fExploitThird Party Advisory
FAQ
What is CVE-2019-14527?
CVE-2019-14527 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication.
How severe is CVE-2019-14527?
CVE-2019-14527 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-14527?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Mr1100 Firmware, Netgear Mr1100.