CVE-2019-14526

Name: CVE-2019-14526
Creator: NVD / NIST
Published: 2019-08-14T21:15:13.563+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.69%

Last modified Jun 17, 2026

CVE-2019-14526 is a vulnerability of currently unknown severity. An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. EPSS estimates a 0.69% chance of exploitation in the next 30 days.

Description

An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entirely bypasses the intended security benefits of the use of a CSRF-protection token.

Metrics

EPSS Probability

0.69%

48.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-352

Affected Software

Vendor	Product	Versions
Netgear	Mr1100 Firmware	< 12.06.03

References

https://www.pentestpartners.com/security-blog/how-not-to-do-cross-site-request-forgery-protection-the-netgear-nighthawk-m1/Exploit, Third Party Advisory
https://www.pentestpartners.com/security-blog/how-not-to-do-cross-site-request-forgery-protection-the-netgear-nighthawk-m1/Exploit, Third Party Advisory

Timeline

Published: Aug 14, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-14526?

How severe is CVE-2019-14526?

Severity scoring for CVE-2019-14526 is pending analysis. The EPSS model estimates a 0.69% probability of exploitation in the next 30 days.

How do I fix CVE-2019-14526?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-14526?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST