Filtered by vendor Netgear
Total: 1294 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26930 | 1 Netgear | 2 Ex7700, Ex7700 Firmware | 2020-10-16 | 5.5 MEDIUM | 3.8 LOW |
| NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings. | |||||
| CVE-2020-26925 | 1 Netgear | 2 Gs808e, Gs808e Firmware | 2020-10-16 | 2.1 LOW | 3.2 LOW |
| NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service. | |||||
| CVE-2020-26922 | 1 Netgear | 8 Wc7500, Wc7500 Firmware, Wc7600 and 5 more | 2020-10-15 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. | |||||
| CVE-2020-26923 | 1 Netgear | 8 Wc7500, Wc7500 Firmware, Wc7600 and 5 more | 2020-10-15 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. | |||||
| CVE-2019-17137 | 1 Netgear | 2 Ac1200 R6220, Ac1200 R6220 Firmware | 2020-10-09 | 7.5 HIGH | 9.4 CRITICAL |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616. | |||||
| CVE-2020-5621 | 1 Netgear | 4 Gs716t, Gs716tv2 Firmware, Gs724t and 1 more | 2020-09-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allows remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors. | |||||
| CVE-2020-15634 | 1 Netgear | 2 R6700, R6700 Firmware | 2020-08-24 | 5.8 MEDIUM | 6.3 MEDIUM |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9755. | |||||
| CVE-2020-15635 | 1 Netgear | 2 R6700, R6700 Firmware | 2020-08-24 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acsd service, which listens on TCP port 5916 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9853. | |||||
| CVE-2020-15636 | 1 Netgear | 2 R6700, R6700 Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the check_ra service. A crafted raePolicyVersion in a RAE_Policy.json file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9852. | |||||
| CVE-2019-20724 | 1 Netgear | 38 D3600, D3600 Firmware, D6000 and 35 more | 2020-08-24 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20659 | 1 Netgear | 8 R6400, R6400 Firmware, R6700 and 5 more | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10. | |||||
| CVE-2019-20655 | 1 Netgear | 4 Xr500, Xr500 Firmware, Xr700 and 1 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR500 before 2.3.2.56 and XR700 before 1.0.1.20. | |||||
| CVE-2019-12510 | 1 Netgear | 2 Nighthawk X10-r9000, Nighthawk X10-r9000 Firmware | 2020-08-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a result, an attacker may modify almost all of the device's settings and view various configuration settings. | |||||
| CVE-2019-20727 | 1 Netgear | 18 D6100, D6100 Firmware, R7800 and 15 more | 2020-08-24 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20638 | 1 Netgear | 2 Mr1100, Mr1100 Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of administrative credentials. | |||||
| CVE-2019-20642 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2020-08-24 | 5.2 MEDIUM | 8.0 HIGH |
| NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass. | |||||
| CVE-2019-20760 | 1 Netgear | 2 R9000, R9000 Firmware | 2020-08-24 | 5.8 MEDIUM | 8.8 HIGH |
| NETGEAR R9000 devices before 1.0.4.26 are affected by authentication bypass. | |||||
| CVE-2019-14363 | 1 Netgear | 2 Wndr3400v3, Wndr3400v3 Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet. | |||||
| CVE-2019-13393 | 1 Netgear | 2 Cg3700b, Cg3700b Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase. | |||||
| CVE-2019-20641 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2020-08-24 | 5.8 MEDIUM | 8.8 HIGH |
| NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level. | |||||
