Securin Zero-Days

CVE-2016-11015 – Cross-Site Request Forgery in Netgear Router




Affected Product




Securin ID





October 28, 2015


A Cross-site request forgery vulnerability was identified on NETGEAR JNR1010 devices before allow cgibin/webprocCSRFviathe: InternetGatewayDevice. X_TWSZCOM_URL_Filter.BlackList.1.URL parameter. This vulnerability is due to insufficient CSRF protections for the web UI on an affected device.

Proof of Concept (POC):

We created a forged request by changing the value of any variable. In InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1 variable in the URL http://router-ip/cgi-bin/webproc was sent to the victim by forcing him/her to click on the malicious link generated by an attacker. With different sessions, it allows the attacker to change the settings of the victim’s router.

Figure 01: Blocked site keywords before the CSRF request was sent to the victim.

Figure 02: CSRF Request is created by changing the Blocklist URL variable.


Figure 03: CSRF request is successfully submitted in the victim’s browser.

Note: Similarly, we can manipulate any request and can force the victim to access the link generated by the attacker to make changes to the router settings without the victim’s knowledge.


An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.


Download the latest updated firmware and update it as per vendor advisory.


Oct 28, 2015: Discovered vulnerability in Netgear Router Firmware Version
Oct 28, 2015: Reported to vendor.
Nov 03, 2015: Netgear’s technical team address the issue after follow-up
Dec 13, 2015: Vulnerability got fixed
Dec 30, 2015: Updated Netgear Router JNR1010 version was released

Let Securin level up your security posture!