Mr1100 CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2019-20679	1 Netgear	2 Mr1100, Mr1100 Firmware	2024-11-21	9.8 Critical
NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of access control at the function level.
CVE-2019-20649	1 Netgear	2 Mr1100, Mr1100 Firmware	2024-11-21	7.5 High
NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of sensitive information.
CVE-2019-20638	1 Netgear	2 Mr1100, Mr1100 Firmware	2024-11-21	6.5 Medium
NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of administrative credentials.
CVE-2019-14527	1 Netgear	2 Mr1100, Mr1100 Firmware	2024-11-21	N/A
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication.
CVE-2019-14526	1 Netgear	2 Mr1100, Mr1100 Firmware	2024-11-21	N/A
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entirely bypasses the intended security benefits of the use of a CSRF-protection token.

Page 1 of 1.