Vulnerabilities > CVE-2016-11014 - Insufficient Session Expiration vulnerability in Netgear Jnr1010 Firmware
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Hardware | 1 |
Common Weakness Enumeration (CWE)
References
- https://packetstormsecurity.com/files/135216/Netgear-1.0.0.24-Bypass-Improper-Session-Management.html
- https://github.com/cybersecurityworks/Disclosed/issues/14
- https://lists.openwall.net/full-disclosure/2016/01/11/5
- https://khalil-shreateh.com/khalil.shtml/it-highlights/593-Netgear-1.0.0.24-Bypass---Improper-Session-Management--.html
- https://cybersecurityworks.com/zerodays/cve-2016-11014-netgear.html