Filtered by vendor Netgear
Subscriptions
Total
1133 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20701 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 8.0 High |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | ||||
| CVE-2019-20745 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2021-07-21 | 6.8 Medium |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.10.2 and WAC510 before 5.0.10.2. | ||||
| CVE-2019-20702 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 8.0 High |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | ||||
| CVE-2020-11789 | 1 Netgear | 8 R6400, R6400 Firmware, R6700 and 5 more | 2021-07-21 | 9.8 Critical |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10. | ||||
| CVE-2019-20698 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2021-07-21 | 6.5 Medium |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before 8.0.5.5 and WAC510 before 8.0.5.5. | ||||
| CVE-2019-20648 | 1 Netgear | 2 Rn42400, Rn42400 Firmware | 2021-07-21 | 3.5 Low |
| NETGEAR RN42400 devices before 6.10.2 are affected by incorrect configuration of security settings. | ||||
| CVE-2019-20709 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 8.0 High |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | ||||
| CVE-2019-20689 | 1 Netgear | 40 D6000, D6000 Firmware, D6100 and 37 more | 2021-07-21 | 6.8 Medium |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. | ||||
| CVE-2020-26901 | 1 Netgear | 12 Rbk752, Rbk752 Firmware, Rbk852 and 9 more | 2021-07-21 | 6.5 Medium |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | ||||
| CVE-2020-26897 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2021-07-21 | 8.8 High |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | ||||
| CVE-2019-20687 | 1 Netgear | 10 D6200, D6200 Firmware, D7000 and 7 more | 2021-07-21 | 7.5 High |
| Certain NETGEAR devices are affected by denial of service. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.70, JR6150 before 1.0.1.18, R6050 before 1.0.1.18, and WNR2020 before 1.1.0.62. | ||||
| CVE-2020-11790 | 1 Netgear | 2 R7800, R7800 Firmware | 2021-07-21 | 9.8 Critical |
| NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers. | ||||
| CVE-2020-14428 | 1 Netgear | 24 Rbk752, Rbk752 Firmware, Rbk753 and 21 more | 2021-07-21 | 8.8 High |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | ||||
| CVE-2021-31802 | 1 Netgear | 2 R7000, R7000 Firmware | 2021-05-06 | 8.8 High |
| NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header. | ||||
| CVE-2021-27251 | 1 Netgear | 84 Br200, Br200 Firmware, Br500 and 81 more | 2021-04-27 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308. | ||||
| CVE-2021-27252 | 1 Netgear | 84 Br200, Br200 Firmware, Br500 and 81 more | 2021-04-27 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216. | ||||
| CVE-2021-27253 | 1 Netgear | 84 Br200, Br200 Firmware, Br500 and 81 more | 2021-04-23 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303. | ||||
| CVE-2021-27239 | 1 Netgear | 70 D6220, D6220 Firmware, D6400 and 67 more | 2021-04-02 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851. | ||||
| CVE-2021-27273 | 1 Netgear | 1 Prosafe Network Management System | 2021-03-30 | 8.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SettingConfigController class. When parsing the fileName parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12121. | ||||
| CVE-2021-27272 | 1 Netgear | 1 Prosafe Network Management System | 2021-03-30 | 7.1 High |
| This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ReportTemplateController class. When parsing the path parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12123. | ||||