Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-35973 | 1 Netgear | 2 Wac104, Wac104 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory). | |||||
CVE-2021-44262 | 1 Netgear | 6 Mbr1517, Mbr1517 Firmware, Wac104 and 3 more | 2022-03-23 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device. | |||||
CVE-2021-44261 | 1 Netgear | 10 R6220, R6220 Firmware, R6900 and 7 more | 2022-03-23 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device. | |||||
CVE-2021-38532 | 1 Netgear | 2 Wac104, Wac104 Firmware | 2021-08-19 | 6.5 MEDIUM | 7.2 HIGH |
NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect configuration of security settings. | |||||
CVE-2020-35788 | 1 Netgear | 2 Wac104, Wac104 Firmware | 2020-12-30 | 5.2 MEDIUM | 6.8 MEDIUM |
NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user. |