) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:h:netgear:mr1100:-:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2019-20679 |
NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of access control at the function level. Published: April 15, 2020; 4:15:14 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2019-20649 |
NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of sensitive information. Published: April 15, 2020; 2:15:14 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2019-20638 |
NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of administrative credentials. Published: April 15, 2020; 2:15:13 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2019-14527 |
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication. Published: August 14, 2019; 5:15:13 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
| CVE-2019-14526 |
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entirely bypasses the intended security benefits of the use of a CSRF-protection token. Published: August 14, 2019; 5:15:13 PM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 5.8 MEDIUM |