Filtered by vendor Netgear
Subscribe
Total
1078 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42221 | 1 Netgear | 2 R6220, R6220 Firmware | 2022-10-18 | N/A | 8.8 HIGH |
Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability. | |||||
CVE-2022-37234 | 1 Netgear | 2 R7000, R7000 Firmware | 2022-09-26 | N/A | 7.8 HIGH |
Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy. | |||||
CVE-2022-37235 | 1 Netgear | 2 R7000, R7000 Firmware | 2022-09-23 | N/A | 9.8 CRITICAL |
Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat | |||||
CVE-2022-31937 | 1 Netgear | 2 Wnr2000v4, Wnr2000v4 Firmware | 2022-09-23 | N/A | 9.8 CRITICAL |
Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd. | |||||
CVE-2022-37232 | 1 Netgear | 2 Wnr2000v4, Wnr2000v4 Firmware | 2022-09-23 | N/A | 9.8 CRITICAL |
Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy. | |||||
CVE-2022-38956 | 1 Netgear | 2 Wpn824ext, Wpn824ext Firmware | 2022-09-22 | N/A | 5.3 MEDIUM |
An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.1_1.1.9 and earlier. | |||||
CVE-2022-38955 | 1 Netgear | 2 Wpn824ext, Wpn824ext Firmware | 2022-09-22 | N/A | 7.5 HIGH |
An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the device or make the device DoS. This affects Firmware Version: 1.1.1_1.1.9. | |||||
CVE-2022-30078 | 1 Netgear | 4 R6200, R6200 Firmware, R6300 and 1 more | 2022-09-12 | N/A | 8.8 HIGH |
NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters. | |||||
CVE-2021-34236 | 1 Netgear | 2 R8000, R8000 Firmware | 2022-09-12 | N/A | 9.8 CRITICAL |
Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows remote attackers to execute arbitrary code or cause a denial-of-service by sending a crafted POST to '/bd_genie_create_account.cgi' with a sufficiently long parameter 'register_country'. | |||||
CVE-2020-10930 | 1 Netgear | 2 R6700, R6700 Firmware | 2022-07-25 | 3.3 LOW | 6.5 MEDIUM |
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue results from the lack of proper routing of URLs. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-9618. | |||||
CVE-2021-45507 | 1 Netgear | 20 Cbr40, Cbr40 Firmware, Cbr750 and 17 more | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBW30 before 2.6.2.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and RBS40V before 2.6.2.8. | |||||
CVE-2021-45511 | 1 Netgear | 34 Ac2100, Ac2100 Firmware, Ac2400 and 31 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27, R6350 before 2021-08-27, R6700v2 before 2021-08-27, R6800 before 2021-08-27, R6850 before 2021-08-27, R6900v2 before 2021-08-27, R7200 before 2021-08-27, R7350 before 2021-08-27, R7400 before 2021-08-27, and R7450 before 2021-08-27. | |||||
CVE-2021-45077 | 1 Netgear | 2 R6700, R6700 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. | |||||
CVE-2021-45506 | 1 Netgear | 14 Cbr750, Cbr750 Firmware, Rbk752 and 11 more | 2022-07-12 | 5.8 MEDIUM | 8.8 HIGH |
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | |||||
CVE-2021-29067 | 1 Netgear | 26 Rbk752, Rbk752 Firmware, Rbk753 and 23 more | 2022-07-12 | 8.3 HIGH | 9.6 CRITICAL |
Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. | |||||
CVE-2021-38513 | 1 Netgear | 22 Cbr40, Cbr40 Firmware, Eax20 and 19 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RBK752 before 3.2.10.10, RBR750 before 3.2.10.10, and RBS750 before 3.2.10.10. | |||||
CVE-2021-45495 | 1 Netgear | 2 D7000, D7000 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
NETGEAR D7000 devices before 1.0.1.68 are affected by authentication bypass. | |||||
CVE-2021-45508 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Cbr750 and 11 more | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, and RBR850 before 3.2.17.12. | |||||
CVE-2021-20173 | 1 Netgear | 2 R6700, R6700 Firmware | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values. | |||||
CVE-2021-45660 | 1 Netgear | 20 Rbk20, Rbk20 Firmware, Rbk40 and 17 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40. |