CVE-2016-11057

HIGH

NETGEAR Multiple Routers < 2017-01-06 - Authentication Bypass via Repeated URL Calls

Title source: llm

Description

Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management

Scores

CVSS v3 7.5

EPSS 0.0034

EPSS Percentile 56.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-287

Status published

Products (9)

netgear/jnr1010_firmware < 2017-01-06

netgear/jwnr2000_firmware < 2017-01-06

netgear/jwnr2010_firmware < 2017-01-06

netgear/r6220_firmware < 2017-01-06

netgear/wndr3700_firmware < 2017-01-06

netgear/wnr1000_firmware < 2017-01-06

netgear/wnr2020_firmware < 2017-01-06

netgear/wnr614_firmware < 2017-01-06

netgear/wnr618_firmware < 2017-01-06

Published Apr 28, 2020

Tracked Since Feb 18, 2026