Vulnerabilities > Netgear > Jnr1010 Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-10-16 CVE-2016-11016 Cross-site Scripting vulnerability in Netgear Jnr1010 Firmware
NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS.
network
netgear CWE-79
4.3
4.3
2019-10-16 CVE-2016-11015 Cross-Site Request Forgery (CSRF) vulnerability in Netgear Jnr1010 Firmware
NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.
network
netgear CWE-352
4.3
4.3
2019-10-16 CVE-2016-11014 Insufficient Session Expiration vulnerability in Netgear Jnr1010 Firmware
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.
network
low complexity
netgear CWE-613
7.5
7.5