Nighthawk WiFi6 Router
by Netgear
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28338 | 0.00 | — | 0.01 | Mar 15, 2023 | Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device… | |||
| CVE-2023-27850 | 0.00 | — | 0.00 | Mar 10, 2023 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. | |||
| CVE-2023-27853 | 0.00 | — | 0.20 | Mar 10, 2023 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device. | |||
| CVE-2023-27852 | 0.00 | — | 0.01 | Mar 10, 2023 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device. | |||
| CVE-2023-1205 | 0.00 | — | 0.00 | Mar 10, 2023 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. | |||
| CVE-2023-27851 | 0.00 | — | 0.01 | Mar 10, 2023 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device. |
- CVE-2023-28338Mar 15, 2023risk 0.00cvss —epss 0.01
Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device…
- CVE-2023-27850Mar 10, 2023risk 0.00cvss —epss 0.00
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device.
- CVE-2023-27853Mar 10, 2023risk 0.00cvss —epss 0.20
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device.
- CVE-2023-27852Mar 10, 2023risk 0.00cvss —epss 0.01
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device.
- CVE-2023-1205Mar 10, 2023risk 0.00cvss —epss 0.00
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections.
- CVE-2023-27851Mar 10, 2023risk 0.00cvss —epss 0.01
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device.