Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored XSS via X-Forwarded-For Header During Incorrect Login
Vulnerability Description
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanced settings->Administration->Logs, and may trigger when the page is viewed. Although this value is inserted into a textarea tag, the attack simply needs to supply a closing textarea tag.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
NETGEAR Nighthawk X10-R9000 跨站脚本漏洞
Vulnerability Description
NETGEAR Nighthawk X10-R9000是美国网件(NETGEAR)公司的一款无线路由器。 使用1.0.4.24之前版本固件的NETGEAR Nighthawk X10-R9000中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
CVSS Information
N/A
Vulnerability Type
N/A