Vendor CVEs
Netgear
All CVEs
1,327 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-44198 | 0.00 | — | 0.01 | Nov 22, 2022 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1. | |||
| CVE-2022-44197 | 0.00 | — | 0.01 | Nov 22, 2022 | Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. | |||
| CVE-2022-44196 | 0.00 | — | 0.01 | Nov 22, 2022 | Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1. | |||
| CVE-2022-44186 | 0.00 | — | 0.01 | Nov 22, 2022 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_pri. | |||
| CVE-2022-44191 | 0.00 | — | 0.01 | Nov 22, 2022 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2. | |||
| CVE-2022-44193 | 0.00 | — | 0.01 | Nov 22, 2022 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute, endhour, and endminute. | |||
| CVE-2022-44190 | 0.00 | — | 0.01 | Nov 22, 2022 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering. | |||
| CVE-2022-44188 | 0.00 | — | 0.01 | Nov 22, 2022 | Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering. | |||
| CVE-2022-44199 | 0.00 | — | 0.01 | Nov 22, 2022 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. | |||
| CVE-2022-44194 | 0.00 | — | 0.01 | Nov 22, 2022 | Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec. | |||
| CVE-2022-42221 | 0.00 | — | 0.02 | Oct 17, 2022 | Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability. | |||
| CVE-2022-37232 | 0.00 | — | 0.01 | Sep 23, 2022 | Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy. | |||
| CVE-2022-37235 | 0.00 | — | 0.01 | Sep 23, 2022 | Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat. | |||
| CVE-2022-31937 | 0.00 | — | 0.01 | Sep 22, 2022 | Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd. | |||
| CVE-2022-37234 | 0.00 | — | 0.01 | Sep 22, 2022 | Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy. | |||
| CVE-2022-38955 | 0.00 | — | 0.00 | Sep 20, 2022 | An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the… | |||
| CVE-2022-38956 | 0.00 | — | 0.00 | Sep 20, 2022 | An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.1_1.1.9 and earlier. | |||
| CVE-2021-34236 | 0.00 | — | 0.01 | Sep 7, 2022 | Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows remote attackers to execute arbitrary code or cause a denial-of-service by sending a crafted POST to '/bd_genie_create_account.cgi' with a sufficiently long parameter 'register_country'. | |||
| CVE-2022-30078 | 0.00 | — | 0.02 | Sep 7, 2022 | NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr,… | |||
| CVE-2022-31876 | 0.00 | — | 0.01 | Jun 17, 2022 | Netgear WNAP320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users' cookies. | |||
| CVE-2022-27946 | 0.00 | — | 0.03 | Mar 26, 2022 | NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi. | |||
| CVE-2022-27947 | 0.00 | — | 0.03 | Mar 26, 2022 | NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter. | |||
| CVE-2022-27945 | 0.00 | — | 0.03 | Mar 26, 2022 | NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi. | |||
| CVE-2022-24655 | 0.00 | — | 0.01 | Mar 18, 2022 | A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication. | |||
| CVE-2021-44261 | 0.00 | — | 0.21 | Mar 17, 2022 | A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device. | |||
| CVE-2021-44262 | 0.00 | — | 0.02 | Mar 17, 2022 | A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device. | |||
| CVE-2021-46382 | 0.00 | — | 0.01 | Mar 4, 2022 | Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to multiple attacks like session hijacking, even clipboard hijacking. | |||
| CVE-2021-34870 | 0.00 | — | 0.01 | Jan 25, 2022 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP… | |||
| CVE-2021-34980 | 0.00 | — | 0.01 | Jan 13, 2022 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. When parsing… | |||
| CVE-2021-34979 | 0.00 | — | 0.01 | Jan 13, 2022 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When… | |||
| CVE-2021-34978 | 0.00 | — | 0.02 | Jan 13, 2022 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted… | |||
| CVE-2021-34977 | 0.00 | — | 0.01 | Jan 13, 2022 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7000 1.0.11.116_10.2.100 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP requests.… | |||
| CVE-2021-20174 | 0.00 | — | 0.01 | Dec 30, 2021 | Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface. By default, all communication to/from the device's web interface is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be… | |||
| CVE-2021-20175 | 0.00 | — | 0.01 | Dec 30, 2021 | Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface (port 5000) is sent via HTTP, which causes potentially sensitive information (such as usernames and… | |||
| CVE-2021-45077 | 0.00 | — | 0.01 | Dec 30, 2021 | Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file… | |||
| CVE-2021-23147 | 0.00 | — | 0.00 | Dec 30, 2021 | Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection and execute commands as the root user without authentication. | |||
| CVE-2021-45732 | 0.00 | — | 0.01 | Dec 30, 2021 | Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily… | |||
| CVE-2021-20169 | 0.00 | — | 0.00 | Dec 30, 2021 | Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext. | |||
| CVE-2021-20168 | 0.00 | — | 0.00 | Dec 30, 2021 | Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user.… | |||
| CVE-2021-20170 | 0.00 | — | 0.01 | Dec 30, 2021 | Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a… | |||
| CVE-2021-20171 | 0.00 | — | 0.00 | Dec 30, 2021 | Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the… | |||
| CVE-2021-45493 | 0.00 | — | 0.01 | Dec 26, 2021 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102. | |||
| CVE-2021-45494 | 0.00 | — | 0.00 | Dec 26, 2021 | Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. | |||
| CVE-2021-45495 | 0.00 | — | 0.02 | Dec 26, 2021 | NETGEAR D7000 devices before 1.0.1.68 are affected by authentication bypass. | |||
| CVE-2021-45496 | 0.00 | — | 0.02 | Dec 26, 2021 | NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass. | |||
| CVE-2021-45497 | 0.00 | — | 0.02 | Dec 26, 2021 | NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass. | |||
| CVE-2021-45498 | 0.00 | — | 0.02 | Dec 26, 2021 | NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication bypass. | |||
| CVE-2021-45499 | 0.00 | — | 0.01 | Dec 26, 2021 | Certain NETGEAR devices are affected by authentication bypass. This affects R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. | |||
| CVE-2021-45500 | 0.00 | — | 0.00 | Dec 26, 2021 | Certain NETGEAR devices are affected by authentication bypass. This affects R7000P before 1.3.3.140 and R8000 before 1.0.4.68. | |||
| CVE-2021-45501 | 0.00 | — | 0.02 | Dec 26, 2021 | Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before… |
Page 8 of 27