CVE-2019-12510

CRITICAL Year: 2019
CVSS v3 Score
9.1
Critical
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-345
View all →

Vulnerability Description

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a result, an attacker may modify almost all of the device's settings and view various configuration settings.

Related Vulnerabilities

CVE-2015-6853

CRITICAL
CVSS:9.1(Critical)

The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remot...

CWE-3452015

CVE-2015-6854

CRITICAL
CVSS:9.1(Critical)

The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of servi...

CWE-3452015

CVE-2019-5161

CRITICAL
CVSS:9.1(Critical)

An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file wil...

CWE-3452019

CVE-2023-28863

CRITICAL
CVSS:9.1(Critical)

AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.

CWE-3452023

CVE-2025-27558

CRITICAL
CVSS:9.1(Critical)

IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can ex...

CWE-3452025

CVE-2025-27680

CRITICAL
CVSS:9.1(Critical)

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification of Data Authenticity V-2024-004.

CWE-3452025