MidnightBSD

Advisories for netgear

CVE-2001-0514 HIGH

SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear me102 *
atmel 802.11b_vnet-b_access_point *
linksys wap11 *
CVE-2001-0888 MEDIUM

Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
atmel firmware 1.3
linksys wap11 1.3
netgear me102 1.3
CVE-2002-0127 MEDIUM

Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured to block traffic below port 1024, allows remote attackers to cause a denial of service (hang) via a port scan of the WAN port.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear rp114 3.26
CVE-2002-0238 HIGH

Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear rt314 3.22
netgear rt314 3.25
netgear rt314 3.24
CVE-2002-1877 HIGH

NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
netgear fm114p *
CVE-2002-1892 LOW

NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear fvs318 1.1
CVE-2002-2020 HIGH

Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear rp114 3.26
CVE-2002-2116 MEDIUM

Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear rt338 *
netgear rm356 *
CVE-2002-2354 HIGH

Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netgear fm114p *
CVE-2002-2355 HIGH

Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
netgear fm114p *
CVE-2003-1427 MEDIUM

Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
netgear fm114p 1.4_beta_release_17
CVE-2004-0611 MEDIUM

Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear fvs318 1.2
netgear fvs318 1.0
netgear fvs318 1.1
netgear fvs318 1.3
CVE-2004-2032 HIGH

Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear rp114 3.26
CVE-2004-2556 MEDIUM

NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear wg602 1.04.0
netgear wg602 1.5.67
CVE-2004-2557 MEDIUM

NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear wg602 1.7.14
CVE-2005-0290 HIGH

NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear fvs318 2.4
CVE-2005-0291 MEDIUM

Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear fvs318 2.4
CVE-2005-0328 MEDIUM

Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zyxel prestige 314
netgear rt311 *
netgear rt314 *
zyxel prestige 324
zyxel prestige 310
CVE-2005-4220 HIGH

Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing between the interfaces, as demonstrated using nmap.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
netgear rp114 3.26
CVE-2006-1002 HIGH

NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
netgear wgt624 *
CVE-2006-1003 MEDIUM

The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear wgt624 *
CVE-2006-1068 MEDIUM

Netgear 614 and 624 routers, possibly running VXWorks, allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear netgear_router *
CVE-2011-1673 MEDIUM

BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
netgear prosafe_wnap210_firmware 2.0.12
netgear prosafe_wnap210 *
CVE-2011-1674 MEDIUM

The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear prosafe_wnap210_firmware 2.0.12
netgear prosafe_wnap210 *
CVE-2012-2439 HIGH

The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
netgear prosafe_fvs318n -
CVE-2012-6340 LOW

An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear wgr614v7_firmware -
netgear wgr614v9_firmware -
CVE-2012-6341 MEDIUM

An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear wgr614v7_firmware -
netgear wgr614v9_firmware -
CVE-2013-10060

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
netgear dgn2200b_firmware *
CVE-2013-10061

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
netgear dgn1000b_firmware 1.1.00.45
netgear dgn1000b_firmware 1.1.00.24
CVE-2013-2751 HIGH

Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
netgear raidiator *
CVE-2013-2752 MEDIUM

Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear raidiator *
CVE-2013-3069 LOW

Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear wndr4700 -
netgear wndr4700_firmware 1.0.0.34
CVE-2013-3070 MEDIUM

An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear wndr4700_firmware 1.0.0.34
CVE-2013-3071 HIGH

NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear wndr4700_firmware 1.0.0.34
CVE-2013-3072 HIGH

An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear wndr4700_firmware 1.0.0.34
CVE-2013-3073 HIGH

A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
netgear wndr4700_firmware 1.0.0.34
CVE-2013-3074 HIGH

NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
netgear wndr4700_firmware 1.0.0.34
CVE-2013-3316 HIGH

Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear wnr1000_firmware *
CVE-2013-3317 HIGH

Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear wnr1000_firmware *
CVE-2013-3516 MEDIUM

NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear wnr3500l_firmware 1.2.2.44_35.0.53na
netgear wnr3500u_firmware 1.2.2.44_35.0.53na
CVE-2013-3517 LOW

Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear wnr3500l_firmware -
netgear wnr3500u_firmware -
CVE-2013-4657 HIGH

Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
netgear wnr3500l_firmware -
netgear wnr3500u_firmware -
CVE-2013-4775 HIGH

NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear prosafe_gs728ts -
netgear prosafe_firmware *
netgear prosafe_gs752txs -
netgear prosafe_firmware 6.1.0.12
netgear prosafe_gs728tps -
netgear prosafe_gs748t v4
netgear prosafe_firmware 5.3.0.17
netgear prosafe_gs752tps -
netgear prosafe_firmware 5.4.1.10
netgear prosafe_gs725ts -
netgear prosafe_gs724t v3
netgear prosafe_gs728txs -
netgear prosafe_firmware 5.4.1.13
netgear prosafe_firmware 5.4.0.6
netgear prosafe_firmware 5.0.4.4
netgear prosafe_s716t v2
netgear prosafe_gs510tp -
CVE-2013-4776 HIGH

NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear prosafe_firmware 5.4.1.10
netgear prosafe_firmware *
netgear prosafe_gs724t v3
netgear prosafe_firmware 5.4.0.6
netgear prosafe_gs748t v4
netgear prosafe_firmware 5.0.4.4
netgear prosafe_s716t v2
netgear prosafe_firmware 5.4.1.14
netgear prosafe_gs510tp -
netgear prosafe_firmware 5.3.0.17
CVE-2014-2969 HIGH

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
netgear gs108pe -
netgear gs108pe_firmware 1.2.0.5
CVE-2014-3919 MEDIUM

A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.3 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N 2.8 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear cg3100_firmware *
CVE-2014-4864 LOW

The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
netgear prosafe_firmware *
CVE-2014-4927 HIGH

Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
netgear wgr614 v5
acme micro_httpd -
netgear wgr614 v3
netgear wgr614 v9
netgear wgr614 v1
dlink dsl2750u -
netgear wgr614 v2
netgear mr-adsl-dg834 -
netgear wgr614 v6
netgear wgr614 v4
netgear wgr614 v8
netgear wgr614 v7
dlink dsl2740u -
CVE-2015-0718 HIGH

Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cisco unified_computing_system 2.1_1f
samsung x14j_firmware t-ms14jakucb-1102.5
cisco unified_computing_system 1.6_base
cisco unified_computing_system 2.1_3c
zzinc keymouse_firmware 3.08
cisco unified_computing_system 2.0_3a
cisco unified_computing_system 1.5_base
cisco unified_computing_system 2.0_5f
cisco unified_computing_system 2.1_3a
cisco unified_computing_system 1.4_4j
cisco unified_computing_system 2.2_1e
cisco unified_computing_system 2.1_1e
cisco unified_computing_system 1.4_3q
cisco unified_computing_system 2.2_2e
cisco unified_computing_system 1.4_4l
cisco unified_computing_system 2.0_4a
cisco unified_computing_system 2.1_1a
cisco unified_computing_system 1.4_3u
cisco unified_computing_system 1.4_4g
cisco unified_computing_system 2.1_3d
cisco unified_computing_system 1.4_3y
cisco unified_computing_system 2.1_2c
zyxel gs1900-10hp_firmware *
cisco unified_computing_system 2.0_1x
cisco unified_computing_system 2.1_1d
cisco unified_computing_system 2.2_2c
cisco unified_computing_system 1.4_3s
cisco unified_computing_system 2.0_2r
cisco unified_computing_system 1.4_3m
cisco unified_computing_system 2.0_5d
cisco unified_computing_system 2.0_5b
cisco unified_computing_system 1.4_1i
cisco unified_computing_system 2.1_2a
cisco unified_computing_system 2.0_4b
cisco nx-os base
cisco unified_computing_system 1.4_4i
cisco unified_computing_system 2.1_3b
cisco unified_computing_system 2.2_1d
cisco unified_computing_system 2.0_1s
cisco unified_computing_system 2.0_4d
cisco unified_computing_system 2.0_3c
cisco unified_computing_system 2.0_1t
cisco unified_computing_system 2.0_5e
cisco unified_computing_system 2.1_3e
sun opensolaris snv_124
cisco unified_computing_system 2.0_2q
cisco unified_computing_system 2.0_3b
cisco unified_computing_system 2.2_2d
cisco unified_computing_system 1.4_3i
cisco unified_computing_system 2.0_1q
cisco unified_computing_system 2.1_3f
cisco unified_computing_system 2.0_2m
netgear jr6150_firmware *
cisco unified_computing_system 2.0_5a
cisco unified_computing_system 2.0_1w
cisco unified_computing_system 1.4_1m
cisco unified_computing_system 2.1_2d
cisco unified_computing_system 1.4_4f
cisco unified_computing_system 1.4_1j
cisco unified_computing_system 1.4_4k
cisco unified_computing_system 2.2_1b
cisco unified_computing_system 1.4_3l
cisco unified_computing_system 2.2_1c
cisco unified_computing_system 2.0_5c
cisco unified_computing_system 2.1_1b
CVE-2015-6312 HIGH

Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
zzinc keymouse_firmware 3.08
zyxel gs1900-10hp_firmware *
netgear jr6150_firmware *
dell emc_powerscale_onefs 8.2.2
CVE-2015-8263 MEDIUM

NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear wnr1000v3 *
netgear wnr1000v3_firmware 1.0.2.68
CVE-2015-8288 MEDIUM

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear d3600_firmware 1.0.0.49
netgear d6000_firmware *
CVE-2015-8289 MEDIUM

The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-255,

Products Affected

Vendor Product Version
netgear d3600_firmware 1.0.0.49
netgear d6000_firmware *
CVE-2016-10106 MEDIUM

Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
netgear srx5308_firmware *
netgear fvs318n_firmware *
netgear fvs336gv3_firmware *
netgear fvs318gv2_firmware *
CVE-2016-10115 HIGH

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
netgear arlo_q_plus_camera_firmware *
netgear arlo_base_station_firmware *
netgear arlo_q_camera_firmware *
CVE-2016-10116 HIGH

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
netgear arlo_q_plus_camera_firmware *
netgear arlo_base_station_firmware *
netgear arlo_q_camera_firmware *
CVE-2016-10174 HIGH

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear r7500v2_firmware -
netgear d7000_firmware -
netgear wnr2000v4_firmware -
netgear r6100_firmware -
netgear jwnr2010v5_firmware -
netgear wnr2000v5_firmware -
netgear wnr2200_firmware -
netgear d6100_firmware -
netgear jnr3300_firmware -
netgear wnr614_firmware -
netgear r2000_firmware -
netgear wnr2500_firmware -
netgear wnr1000v4_firmware -
netgear wndr4500v3_firmware -
netgear wnr1000v2_firmware -
netgear r7500_firmware -
netgear wnr2050_firmware -
netgear wndr4700_firmware -
netgear wndr3700v4_firmware -
netgear d7800_firmware -
netgear wndr4300v2_firmware -
netgear wndr3800_firmware -
netgear jnr1010v2_firmware -
netgear wnr2000v3_firmware -
netgear r6220_firmware -
netgear wndr4300_firmware -
netgear wnr618_firmware -
netgear wnr2020_firmware -
CVE-2016-10175 MEDIUM

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear wnr2000v5_firmware *
CVE-2016-10176 HIGH

The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netgear wnr2000v5_firmware *
CVE-2016-10864 LOW

NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear ex7000_firmware *
CVE-2016-11014 HIGH

NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-613,

Products Affected

Vendor Product Version
netgear jnr1010_firmware *
CVE-2016-11015 MEDIUM

NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear jnr1010_firmware *
CVE-2016-11016 MEDIUM

NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear jnr1010_firmware *
CVE-2016-11022 MEDIUM

NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear prosafe_wc7520_firmware 2.5.0.35
netgear prosafe_wc7600_firmware 5.1.0.17
netgear prosafe_wc9500_firmware 5.1.0.17
CVE-2016-11054 HIGH

NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear dgn2200_firmware *
CVE-2016-11055 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear d1500_firmware *
netgear wnr500_firmware *
netgear wnr612_firmware *
netgear d500_firmware *
netgear cm400_firmware *
netgear jnr1010_firmware *
netgear plw1010_firmware *
netgear cm600_firmware *
netgear jwnr2000t_firmware *
netgear dst6501_firmware *
netgear jwnr2010_firmware *
netgear n450_cg3000d_firmware *
netgear plw1000_firmware *
CVE-2016-11056 HIGH

Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear readynas_surveillance *
CVE-2016-11057 MEDIUM

Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr1000_firmware *
netgear wnr614_firmware *
netgear jnr1010_firmware *
netgear jwnr2010_firmware *
netgear r6220_firmware *
netgear wnr618_firmware *
netgear wnr2020_firmware *
netgear jwnr2000_firmware *
CVE-2016-11058 MEDIUM

The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-613,

Products Affected

Vendor Product Version
netgear genie *
CVE-2016-11059 MEDIUM

Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear r2000_firmware *
netgear wndr3700_firmware *
netgear d1500_firmware *
netgear r7000_firmware *
netgear wnr1000_firmware *
netgear wndr4300_firmware *
netgear wnr3500l_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear d500_firmware *
netgear r8000_firmware *
netgear jr6100_firmware *
netgear wndr4500_firmware *
netgear wnr2500_firmware *
netgear wndr3400_firmware *
netgear jr6150_firmware *
netgear r6250_firmware *
netgear dgn2200_firmware *
netgear dgn2200b_firmware *
netgear r6200_firmware *
netgear c6300_firmware *
netgear d6200b_firmware *
netgear r6050_firmware *
netgear jnr3300_firmware *
netgear r6700_firmware *
netgear d6000_firmware *
netgear jnr1010_firmware *
netgear r7900_firmware *
netgear d6300_firmware *
netgear d6200_firmware *
netgear wgr614_firmware *
netgear r6300_firmware *
netgear dgn1000_firmware *
netgear d3600_firmware *
netgear ac1450_firmware *
netgear d6300b_firmware *
netgear wnr2200_firmware *
netgear r7500_firmware *
netgear dgnd3700_firmware *
netgear r6220_firmware *
netgear dgnd3700b_firmware *
netgear jwnr2000_firmware *
netgear wnr2000_firmware *
CVE-2016-11060 MEDIUM

Certain NETGEAR devices are affected by insecure renegotiation. This affects SRX5308 before 2017-02-10, FVS336Gv3 before 2017-02-10, FVS318N before 2017-02-10, and FVS318Gv2 before 2017-02-10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear srx5308_firmware *
netgear fvs336g_firmware *
netgear fvs318n_firmware *
netgear fvs318g_firmware *
CVE-2016-1344 HIGH

The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cisco ios_xe 3.13s_3.13.0s
cisco ios_xe 3.5e_3.5.3e
samsung x14j_firmware t-ms14jakucb-1102.5
cisco ios_xe 3.4s_3.4.1s
zzinc keymouse_firmware 3.08
cisco ios_xe 3.13s_3.13.3s
cisco ios_xe 3.7s_3.7.4s
cisco ios_xe 3.9s_3.9.1as
cisco ios_xe 3.13s_3.13.2s
cisco ios_xe 3.10s_3.10.5s
cisco ios_xe 3.6e_3.6.2ae
cisco ios_xe 3.3s_3.3.1s
cisco ios_xe 3.5e_3.5.2e
cisco ios_xe 3.12s_3.12.2s
cisco ios_xe 3.4sg_3.4.5sg
cisco ios_xe 3.4s_3.4.3s
cisco ios_xe 3.10s_3.10.0s
cisco ios_xe 3.16s_3.16.0s
cisco ios_xe 3.3s_3.3.2s
cisco ios_xe 3.8e_3.8.1e
cisco ios_xe 3.4s_3.4.0s
cisco ios_xe 3.11s_3.11.2s
cisco ios_xe 3.7e_3.7.0e
cisco ios_xe 3.7e_3.7.2e
cisco ios_xe 3.7s_3.7.0s
cisco ios_xe 3.7s_3.7.1s
cisco ios_xe 3.6e_3.6.0e
cisco ios_xe 3.7s_3.7.3s
cisco ios_xe 3.4s_3.4.2s
cisco ios_xe 3.15s_3.15.1s
cisco ios_xe 3.6e_3.6.1e
cisco ios_xe 3.16s_3.16.1s
cisco ios_xe 3.6s_3.6.2s
cisco ios_xe 3.7e_3.7.1e
cisco ios_xe 3.10s_3.10.3s
cisco ios_xe 3.4s_3.4.5s
cisco ios_xe 3.3xo_3.3.1xo
sun opensolaris snv_124
cisco ios_xe 3.13s_3.13.4s
netgear jr6150_firmware *
cisco ios_xe 3.4sg_3.4.6sg
lenovo thinkcentre_e75s_firmware *
cisco ios_xe 3.14s_3.14.2s
cisco ios_xe 3.14s_3.14.0s
cisco ios_xe 3.15s_3.15.2s
cisco ios_xe 3.5s_3.5.1s
cisco ios_xe 3.6s_3.6.0s
cisco ios_xe 3.12s_3.12.0s
cisco ios_xe 3.10s_3.10.6s
cisco ios_xe 3.6e_3.6.3e
cisco ios_xe 3.12s_3.12.1s
cisco ios_xe 3.11s_3.11.0s
cisco ios_xe 3.8s_3.8.0s
cisco ios_xe 3.3sg_3.3.1sg
cisco ios_xe 3.5s_3.5.2s
cisco ios_xe 3.9s_3.9.1s
cisco ios_xe 3.4s_3.4.0as
cisco ios_xe 3.10s_3.10.1xbs
cisco ios_xe 3.4sg_3.4.2sg
cisco ios_xe 3.10s_3.10.1s
cisco ios_xe 3.10s_3.10.4s
cisco ios_xe 3.3xo_3.3.2xo
cisco ios_xe 3.14s_3.14.3s
cisco ios_xe 3.4s_3.4.4s
cisco ios_xe 3.15s_3.15.1cs
cisco ios_xe 3.3sg_3.3.2sg
cisco ios_xe 3.4sg_3.4.1sg
cisco ios_xe 3.9s_3.9.0as
cisco ios_xe 3.9s_3.9.2s
cisco ios_xe 3.9s_3.9.0s
cisco ios_xe 3.8e_3.8.0e
cisco ios_xe 3.3sg_3.3.0sg
cisco ios_xe 3.12s_3.12.3s
cisco ios_xe 3.3s_3.3.0s
cisco ios_xe 3.6s_3.6.1s
cisco ios_xe 3.11s_3.11.3s
cisco ios_xe 3.4sg_3.4.4sg
cisco ios_xe 3.3xo_3.3.0xo
cisco ios_xe 3.4sg_3.4.3sg
cisco ios_xe 3.7s_3.7.4as
cisco ios_xe 3.4s_3.4.6s
cisco ios_xe 3.8s_3.8.2s
cisco ios_xe 3.14s_3.14.1s
cisco ios_xe 3.7s_3.7.7s
zyxel gs1900-10hp_firmware *
cisco ios_xe 3.7s_3.7.5s
cisco ios_xe 3.7s_3.7.2ts
cisco ios_xe 3.15s_3.15.0s
cisco ios_xe 3.5e_3.5.0e
cisco ios_xe 3.16s_3.16.1as
cisco ios_xe 3.13s_3.13.0as
cisco ios_xe 3.12s_3.12.4s
cisco ios_xe 3.5e_3.5.1e
cisco ios_xe 3.6e_3.6.2e
cisco ios_xe 3.13s_3.13.1s
cisco ios_xe 3.4sg_3.4.7sg
cisco ios_xe 3.13s_3.13.2as
cisco ios_xe 3.11s_3.11.1s
cisco ios_xe 3.7s_3.7.6s
cisco ios_xe 3.7e_3.7.3e
cisco ios_xe 3.16s_3.16.0cs
cisco ios_xe 3.5s_3.5.0s
cisco ios_xe 3.8s_3.8.1s
cisco ios_xe 3.17s_3.17.0s
cisco ios_xe 3.7s_3.7.2s
cisco ios_xe 3.11s_3.11.4s
cisco ios_xe 3.4sg_3.4.0sg
cisco ios_xe 3.10s_3.10.2s
CVE-2016-1346 HIGH

The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
samsung x14j_firmware t-ms14jakucb-1102.5
zzinc keymouse_firmware 3.08
zyxel gs1900-10hp_firmware *
netgear jr6150_firmware *
dell emc_powerscale_onefs 8.2.2
CVE-2016-1348 HIGH

Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cisco ios_xe 3.13s_3.13.0s
cisco ios_xe 3.5e_3.5.3e
samsung x14j_firmware t-ms14jakucb-1102.5
cisco ios_xe 3.10s_3.10.1xbs
cisco ios_xe 3.10s_3.10.1s
cisco ios_xe 3.10s_3.10.4s
zzinc keymouse_firmware 3.08
cisco ios_xe 3.3xo_3.3.2xo
cisco ios_xe 3.14s_3.14.3s
cisco ios_xe 3.13s_3.13.3s
cisco ios_xe 3.15s_3.15.1cs
cisco ios_xe 3.9s_3.9.0as
cisco ios_xe 3.7s_3.7.4s
cisco ios_xe 3.9s_3.9.1as
cisco ios_xe 3.9s_3.9.2s
cisco ios_xe 3.13s_3.13.2s
cisco ios_xe 3.9s_3.9.0s
cisco ios_xe 3.10s_3.10.5s
cisco ios_xe 3.8e_3.8.0e
cisco ios_xe 3.6e_3.6.2ae
cisco ios_xe 3.12s_3.12.3s
cisco ios_xe 3.6s_3.6.1s
cisco ios_xe 3.11s_3.11.3s
cisco ios_xe 3.3xo_3.3.0xo
cisco ios_xe 3.5e_3.5.2e
cisco ios_xe 3.7s_3.7.4as
cisco ios_xe 3.12s_3.12.2s
cisco ios_xe 3.8s_3.8.2s
cisco ios_xe 3.10s_3.10.0s
cisco ios_xe 3.16s_3.16.0s
cisco ios_xe 3.14s_3.14.1s
cisco ios_xe 3.7s_3.7.7s
zyxel gs1900-10hp_firmware *
cisco ios_xe 3.7s_3.7.5s
cisco ios_xe 3.7s_3.7.2ts
cisco ios_xe 3.15s_3.15.0s
cisco ios_xe 3.5e_3.5.0e
cisco ios_xe 3.16s_3.16.1as
cisco ios_xe 3.13s_3.13.0as
cisco ios_xe 3.11s_3.11.2s
cisco ios_xe 3.7e_3.7.0e
cisco ios_xe 3.7e_3.7.2e
cisco ios_xe 3.7s_3.7.0s
cisco ios_xe 3.7s_3.7.1s
cisco ios_xe 3.12s_3.12.4s
cisco ios_xe 3.6e_3.6.0e
cisco ios_xe 3.7s_3.7.3s
cisco ios_xe 3.5e_3.5.1e
cisco ios_xe 3.6e_3.6.2e
cisco ios_xe 3.15s_3.15.1s
cisco ios_xe 3.13s_3.13.1s
cisco ios_xe 3.6e_3.6.1e
cisco ios_xe 3.16s_3.16.1s
cisco ios_xe 3.6s_3.6.2s
cisco ios_xe 3.7e_3.7.1e
cisco ios_xe 3.10s_3.10.3s
cisco ios_xe 3.13s_3.13.2as
cisco ios_xe 3.11s_3.11.1s
cisco ios_xe 3.3xo_3.3.1xo
sun opensolaris snv_124
cisco ios_xe 3.13s_3.13.4s
netgear jr6150_firmware *
cisco ios_xe 3.7s_3.7.6s
cisco ios_xe 3.14s_3.14.2s
cisco ios_xe 3.14s_3.14.0s
cisco ios_xe 3.15s_3.15.2s
cisco ios_xe 3.5s_3.5.1s
cisco ios_xe 3.6s_3.6.0s
cisco ios_xe 3.12s_3.12.0s
cisco ios_xe 3.10s_3.10.6s
cisco ios_xe 3.6e_3.6.3e
cisco ios_xe 3.16s_3.16.0cs
cisco ios_xe 3.5s_3.5.0s
cisco ios_xe 3.8s_3.8.1s
cisco ios_xe 3.12s_3.12.1s
cisco ios_xe 3.7s_3.7.2s
cisco ios_xe 3.11s_3.11.4s
cisco ios_xe 3.10s_3.10.2s
cisco ios_xe 3.11s_3.11.0s
cisco ios_xe 3.8s_3.8.0s
cisco ios_xe 3.5s_3.5.2s
cisco ios_xe 3.9s_3.9.1s
CVE-2016-1349 HIGH

The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cisco ios_xe 3.3se_3.3.2se
cisco ios_xe 3.5e_3.5.3e
cisco ios_xe 3.6e_3.6.2e
samsung x14j_firmware t-ms14jakucb-1102.5
cisco ios_xe 3.4sg_3.4.2sg
cisco ios_xe 3.6e_3.6.1e
zzinc keymouse_firmware 3.08
cisco ios_xe 3.3xo_3.3.2xo
cisco ios_xe 3.2se_3.2.3se
cisco ios_xe 3.3se_3.3.1se
cisco ios_xe 3.7e_3.7.1e
cisco ios_xe 3.3se_3.3.5se
cisco ios_xe 3.4sg_3.4.1sg
cisco ios_xe 3.3xo_3.3.1xo
sun opensolaris snv_124
cisco ios_xe 3.6e_3.6.2ae
netgear jr6150_firmware *
cisco ios_xe 3.3se_3.3.3se
cisco ios_xe 3.4sg_3.4.4sg
cisco ios_xe 3.3xo_3.3.0xo
cisco ios_xe 3.4sg_3.4.3sg
cisco ios_xe 3.5e_3.5.2e
cisco ios_xe 3.4sg_3.4.5sg
cisco ios_xe 3.4sg_3.4.6sg
cisco ios_xe 3.2se_3.2.0se
cisco ios_xe 3.3se_3.3.0se
zyxel gs1900-10hp_firmware *
cisco ios_xe 3.2ja_3.2.0ja
cisco ios_xe 3.5e_3.5.0e
cisco ios_xe 3.2se_3.2.1se
cisco ios_xe 3.2se_3.2.2se
cisco ios_xe 3.4sg_3.4.0sg
cisco ios_xe 3.3se_3.3.4se
cisco ios_xe 3.7e_3.7.0e
cisco ios_xe 3.7e_3.7.2e
cisco ios_xe 3.6e_3.6.0e
intel core_i5-9400f_firmware -
cisco ios_xe 3.5e_3.5.1e
CVE-2016-1524 HIGH

Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear prosafe_network_management_software_300 *
CVE-2016-1525 HIGH

Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
netgear prosafe_network_management_software_300 1.5.0.11
CVE-2016-1555 HIGH

(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,CWE-77,

Products Affected

Vendor Product Version
netgear wndap660_firmware *
netgear wn802tv2_firmware *
netgear wndap210v2_firmware *
netgear wndap360_firmware *
netgear wn604_firmware *
netgear wnap320_firmware *
netgear wndap350_firmware *
CVE-2016-1556 MEDIUM

Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear wnd930_firmware *
netgear wndap210v2_firmware *
netgear wndap360_firmware *
netgear wn604_firmware *
netgear wnap320_firmware *
netgear wndap350_firmware *
CVE-2016-1557 MEDIUM

Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear wndap360_firmware *
netgear wnap320_firmware *
netgear wndap350_firmware *
CVE-2016-5638 MEDIUM

There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-200,

Products Affected

Vendor Product Version
netgear wndr4500_firmware 1.0.1.40_1.0.6877
CVE-2016-5649 MEDIUM

A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router's web interface.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-200,

Products Affected

Vendor Product Version
netgear dgnd3700_firmware 1.0.0.17_1.0.17
netgear dgn2200_firmware 1.0.0.50_7.0.50
CVE-2016-5674 HIGH

__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nuuo nvrmini_2 2.0.0
netgear readynas_surveillance 1.1.1
nuuo nvrmini_2 2.2.1
netgear readynas_surveillance 1.1.2
netgear readynas_surveillance 1.4.0
netgear readynas_surveillance 1.4.1
nuuo nvrsolo 2.3.7.9
netgear readynas_surveillance 1.2.0.4
nuuo nvrsolo 2.0.1
nuuo nvrmini_2 3.0.0
nuuo nvrsolo 2.0.0
nuuo nvrsolo 2.3
nuuo nvrsolo 1.75
netgear readynas_surveillance 1.3.2.4
nuuo nvrsolo 3.0.0
nuuo nvrmini_2 1.7.5
nuuo nvrsolo 2.3.9.6
nuuo nvrsolo 2.3.7.10
nuuo nvrsolo 2.1.5
netgear readynas_surveillance 1.3.2.14
nuuo nvrmini_2 1.7.6
nuuo nvrsolo 2.2.2
netgear readynas_surveillance 1.4.2
nuuo nvrsolo 2.3.1.20
CVE-2016-5675 HIGH

handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nuuo nvrsolo 1.0.1
nuuo nvrmini_2 2.0.0
nuuo crystal 2.2.1
nuuo nvrsolo 1.1.0
netgear readynas_surveillance 1.1.1
nuuo nvrmini_2 2.2.1
nuuo nvrsolo 1.0.0
netgear readynas_surveillance 1.1.2
netgear readynas_surveillance 1.4.0
netgear readynas_surveillance 1.4.1
nuuo nvrsolo 2.3.7.9
netgear readynas_surveillance 1.2.0.4
nuuo nvrsolo 2.0.1
nuuo nvrsolo 1.1.1
nuuo nvrmini_2 3.0.0
nuuo nvrsolo 2.0.0
nuuo crystal 3.1.0
nuuo nvrsolo 2.3
nuuo nvrsolo 1.1.2
nuuo nvrsolo 1.75
nuuo nvrsolo 1.3.0
netgear readynas_surveillance 1.3.2.4
nuuo crystal 3.0.0
nuuo nvrsolo 3.0.0
nuuo nvrmini_2 1.7.5
nuuo nvrsolo 2.3.9.6
nuuo crystal 3.2.0
nuuo nvrsolo 2.3.7.10
nuuo nvrsolo 1.1.0.117
nuuo nvrsolo 2.1.5
netgear readynas_surveillance 1.3.2.14
nuuo nvrsolo 1.2.0
nuuo nvrmini_2 1.7.6
nuuo nvrsolo 2.2.2
netgear readynas_surveillance 1.4.2
nuuo nvrsolo 2.3.1.20
CVE-2016-5676 MEDIUM

cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,

Products Affected

Vendor Product Version
nuuo nvrmini_2 2.0.0
netgear readynas_surveillance 1.1.1
nuuo nvrmini_2 2.2.1
netgear readynas_surveillance 1.1.2
netgear readynas_surveillance 1.4.0
netgear readynas_surveillance 1.4.1
nuuo nvrsolo 2.3.7.9
netgear readynas_surveillance 1.2.0.4
nuuo nvrsolo 2.0.1
nuuo nvrmini_2 3.0.0
nuuo nvrsolo 2.0.0
nuuo nvrsolo 2.3
nuuo nvrsolo 1.75
netgear readynas_surveillance 1.3.2.4
nuuo nvrsolo 3.0.0
nuuo nvrmini_2 1.7.5
nuuo nvrsolo 2.3.9.6
nuuo nvrsolo 2.3.7.10
nuuo nvrsolo 2.1.5
netgear readynas_surveillance 1.3.2.14
nuuo nvrmini_2 1.7.6
nuuo nvrsolo 2.2.2
netgear readynas_surveillance 1.4.2
nuuo nvrsolo 2.3.1.20
CVE-2016-5677 MEDIUM

NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
nuuo nvrsolo 1.0.1
nuuo nvrmini_2 2.0.0
nuuo nvrsolo 1.1.0
netgear readynas_surveillance 1.1.1
nuuo nvrmini_2 2.2.1
nuuo nvrsolo 1.0.0
netgear readynas_surveillance 1.1.2
netgear readynas_surveillance 1.4.0
netgear readynas_surveillance 1.4.1
nuuo nvrsolo 2.3.7.9
netgear readynas_surveillance 1.2.0.4
nuuo nvrsolo 2.0.1
nuuo nvrsolo 1.1.1
nuuo nvrmini_2 3.0.0
nuuo nvrsolo 2.0.0
nuuo nvrsolo 2.3
nuuo nvrsolo 1.1.2
nuuo nvrsolo 1.75
nuuo nvrsolo 1.3.0
netgear readynas_surveillance 1.3.2.4
nuuo nvrsolo 3.0.0
nuuo nvrmini_2 1.7.5
nuuo nvrsolo 2.3.9.6
nuuo nvrsolo 2.3.7.10
nuuo nvrsolo 1.1.0.117
nuuo nvrsolo 2.1.5
netgear readynas_surveillance 1.3.2.14
nuuo nvrsolo 1.2.0
nuuo nvrmini_2 1.7.6
nuuo nvrsolo 2.2.2
netgear readynas_surveillance 1.4.2
nuuo nvrsolo 2.3.1.20
CVE-2016-5679 HIGH

cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
nuuo nvrmini_2 2.0.0
nuuo nvrmini_2 3.0.0
nuuo nvrmini_2 1.7.6
nuuo nvrmini_2 2.2.1
netgear readynas_surveillance 1.1.2
CVE-2016-5680 HIGH

Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nuuo nvrmini_2 2.0.0
nuuo nvrmini_2 3.0.0
nuuo nvrmini_2 1.7.6
nuuo nvrmini_2 2.2.1
netgear readynas_surveillance 1.1.2
CVE-2016-6277 HIGH

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r6400_firmware *
netgear d6220_firmware *
netgear r7100lg_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear r6250_firmware *
CVE-2017-18378 HIGH

In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear readynas_surveillance_firmware *
CVE-2017-18697 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40 and R9000 before 1.0.2.52.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r7800_firmware *
netgear r9000_firmware *
CVE-2017-18698 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6100 before 1.0.1.20, R7800 before 1.0.2.40, and R9000 before 1.0.2.52.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r7800_firmware *
netgear r6100_firmware *
netgear r9000_firmware *
CVE-2017-18699 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40 and R9000 before 1.0.2.52.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r7800_firmware *
netgear r9000_firmware *
CVE-2017-18700 MEDIUM

Certain NETGEAR devices are affected by stored XSS. This affects D6400 before 1.0.0.60, D7000 before 1.0.1.50, D8500 before 1.0.3.29, EX6200 before 1.0.3.84, EX7000 before 1.0.0.60, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R9000 before 1.0.2.52, WNDR3400v3 before 1.0.1.16, WNR3500Lv2 before 1.2.0.46, and WNDR3700v5 before 1.1.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear d7000_firmware *
netgear ex6200_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear d8500_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear r9000_firmware *
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6300_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2017-18701 MEDIUM

Certain NETGEAR devices are affected by reflected XSS. This affects R6700 before 1.0.1.36 and R6900 before 1.0.1.34.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r6700_firmware *
CVE-2017-18702 MEDIUM

NETGEAR R6220 devices before 1.1.0.60 are affected by incorrect configuration of security settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6220_firmware *
CVE-2017-18703 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3700v5 before 1.1.0.48, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.46, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear d1500_firmware *
netgear d7000_firmware *
netgear r6080_firmware *
netgear wnr1000_firmware *
netgear wndr4300_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear d500_firmware *
netgear r6020_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear ex6150_firmware *
netgear jwnr2010_firmware *
netgear jr6150_firmware *
netgear pr2000_firmware *
netgear ex6100_firmware *
netgear r6050_firmware *
netgear r7800_firmware *
netgear jnr1010_firmware *
netgear r9000_firmware *
netgear d7800_firmware *
netgear wn3000rp_firmware *
netgear r7500_firmware *
netgear r6220_firmware *
netgear wnr2020_firmware *
netgear wnr2000_firmware *
CVE-2017-18704 LOW

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R6900P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8500 before 1.0.2.106, R8300 before 1.0.2.106, and WNDR3400v3 before 1.0.1.16.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6300_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2017-18705 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2017-18706 LOW

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.20, R7500 before 1.0.0.118, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r6100_firmware *
netgear r7500_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2017-18707 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R8300 before 1.0.2.106 and R8500 before 1.0.2.106.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r8500_firmware *
netgear r8300_firmware *
CVE-2017-18708 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects R8300 before 1.0.2.94 and R8500 before 1.0.2.94.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear r8500_firmware *
netgear r8300_firmware *
CVE-2017-18709 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R8300 before 1.0.2.94 and R8500 before 1.0.2.94.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r8500_firmware *
netgear r8300_firmware *
CVE-2017-18710 LOW

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R8300 before 1.0.2.106 and R8500 before 1.0.2.106.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear r8500_firmware *
netgear r8300_firmware *
CVE-2017-18711 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear wndr4300_firmware *
netgear r7000p_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
netgear d7800_firmware *
netgear r6400_firmware *
netgear r7500_firmware *
netgear r6900p_firmware *
CVE-2017-18712 LOW

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
CVE-2017-18713 LOW

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r6900_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
CVE-2017-18714 LOW

NETGEAR WNDR4500v3 devices before 1.0.0.48 are affected by denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wndr4500_firmware *
CVE-2017-18715 MEDIUM

Certain NETGEAR devices are affected by reflected XSS. This affects EX3700 before 1.0.0.66, EX3800 before 1.0.0.66, EX6100 before 1.0.2.20, EX6120 before 1.0.0.34, EX6150 before 1.0.0.36, EX6200 before 1.0.3.84, and EX7000 before 1.0.0.60.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear ex6100_firmware *
netgear ex6150_firmware *
netgear ex6200_firmware *
netgear ex6120_firmware *
netgear ex7000_firmware *
netgear ex3700_firmware *
netgear ex3800_firmware *
CVE-2017-18716 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear r6900_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18717 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear r6900_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18718 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear r6900_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18719 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.1.00.26, R6080 before 1.1.00.26; R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
netgear r6020_firmware *
CVE-2017-18720 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear r6900_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18721 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear r6900_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18722 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear r6900_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18723 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear r6900_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18724 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear r6900_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18725 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24. R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear r6900_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18726 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r6080_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
netgear r6020_firmware *
CVE-2017-18727 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear r6900_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18728 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear r6900_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18729 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6120 before 1.0.0.36, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
netgear r6020_firmware *
netgear r6120_firmware *
CVE-2017-18730 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6120 before 1.0.0.36, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
netgear r6020_firmware *
netgear r6120_firmware *
CVE-2017-18731 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, and WNR2000v5 before 1.0.0.58.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wnr2500_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r7500_firmware *
CVE-2017-18732 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear r6300_firmware *
netgear plw1010_firmware *
netgear plw1000_firmware *
CVE-2017-18733 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R7100LG before 1.0.0.32, R7300DST before 1.0.0.52, R8300 before 1.0.2.94, and R8500 before 1.0.2.100.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear d6220_firmware *
netgear d8500_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear d6400_firmware *
netgear r6250_firmware *
netgear r8300_firmware *
CVE-2017-18734 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear wnr1000_firmware *
netgear r6700_firmware *
netgear jnr1010_firmware *
netgear jwnr2010_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
CVE-2017-18735 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, and R6900v2 before 1.2.0.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6700_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
CVE-2017-18736 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, and WNDR3700v5 before 1.1.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6700_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
CVE-2017-18737 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear wnr1000_firmware *
netgear r6700_firmware *
netgear jnr1010_firmware *
netgear jwnr2010_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
CVE-2017-18738 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear wndr4300_firmware *
netgear r7000p_firmware *
netgear r6100_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear wndr4500_firmware *
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear ex6150_firmware *
netgear r6400_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear r6900p_firmware *
netgear wnr2000_firmware *
netgear r8300_firmware *
CVE-2017-18739 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6220 before V1.1.0.50, R7800 before V1.0.2.36, WNDR3400v3 before 1.0.1.14, and WNDR3700v5 before V1.1.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr3400_firmware *
netgear r7800_firmware *
netgear r6220_firmware *
CVE-2017-18740 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.61, D6000 before 1.0.0.61, D6100 before 1.0.0.55, D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear d6000_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
netgear d7800_firmware *
netgear d3600_firmware *
netgear r7500_firmware *
netgear wnr2000_firmware *
CVE-2017-18741 LOW

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.0.1.20, R7000 before 1.0.7.10, R7000P before 1.0.0.58, R6900P before 1.0.0.58, R7100LG before 1.0.0.32, R7900 before 1.0.1.14, R8000 before 1.0.3.22, and R8500 before 1.0.2.94.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r6300_firmware *
netgear r7000_firmware *
netgear r7000p_firmware *
netgear r7100lg_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
CVE-2017-18742 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6250 before 1.0.4.12, R6300v2 before 1.0.4.8, R6700 before 1.0.1.16, R6900 before 1.0.1.16, R7300DST before 1.0.0.54, R7900 before 1.0.1.12, R8000 before 1.0.3.32, and R8500 before 1.0.2.74.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6300_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear r8500_firmware *
netgear jr6150_firmware *
netgear r6250_firmware *
CVE-2017-18743 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear wnr3500l_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6300_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear r8300_firmware *
CVE-2017-18744 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.74.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r6300_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
CVE-2017-18745 MEDIUM

Certain NETGEAR devices are affected by stored XSS. This affects R6400 before 1.0.1.14, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.74.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r6400_firmware *
netgear r7100lg_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear r8500_firmware *
CVE-2017-18746 LOW

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before 1.0.0.50, EX7300 before 1.0.1.60, and WN2500RPv2 before 1.0.1.46.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear ex7300_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear ex7000_firmware *
netgear ex3700_firmware *
netgear wn2500rp_firmware *
netgear ex3800_firmware *
netgear ex6400_firmware *
CVE-2017-18747 LOW

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before 1.0.0.50, EX7300 before 1.0.1.60, and WN2500RPv2 before 1.0.1.46.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netgear ex7300_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear ex7000_firmware *
netgear ex3700_firmware *
netgear wn2500rp_firmware *
netgear ex3800_firmware *
netgear ex6400_firmware *
CVE-2017-18748 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX6200v2 before 1.0.1.44, R6100 before 1.0.1.12, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, R7800 before 1.0.2.28, R9000 before 1.0.2.30, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear ex6200_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
CVE-2017-18749 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear r6050_firmware *
netgear wnr1000_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear jnr1010_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
netgear r7500_firmware *
netgear jwnr2010_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear wnr2020_firmware *
netgear wnr2000_firmware *
CVE-2017-18750 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear r6900_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18751 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
CVE-2017-18752 LOW

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.94.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear ex6130_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear ex3800_firmware *
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6300_firmware *
netgear ex6120_firmware *
netgear ex3700_firmware *
netgear r8500_firmware *
CVE-2017-18754 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear wnr2000_firmware *
CVE-2017-18755 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.4.8, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000P before 1.0.0.86, R6900P before 1.0.0.56, R7300 before 1.0.0.54, R8300 before 1.0.2.106, R8500 before 1.0.2.106, DGN2200v4 before 1.0.0.86, DGND2200Bv4 before 1.0.0.86, R6050 before 1.0.0.86, JR6150 before 1.0.1.10, R6220 before 1.1.0.50, and WNDR3700v5 before V1.1.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r7000p_firmware *
netgear r6700_firmware *
netgear dgnd2200b_firmware *
netgear r6300_firmware *
netgear r7300_firmware *
netgear r6400_firmware *
netgear r6220_firmware *
netgear r8500_firmware *
netgear jr6150_firmware *
netgear r6900p_firmware *
netgear dgn2200_firmware *
netgear r8300_firmware *
CVE-2017-18756 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.66, D8500 before 1.0.3.35, DGN2200Bv4 before 1.0.0.94, DGN2200v4 before 1.0.0.94, R6250 before 1.0.4.14, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.30, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7900 before 1.0.2.4, R8000 before 1.0.4.2, WN2500RPv2 before 1.0.1.50, WNDR3400v3 before 1.0.1.14, and WNDR4000 before 1.0.2.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear r7900_firmware *
netgear wndr4000_firmware *
netgear r6300_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear r7100lg_firmware *
netgear wn2500rp_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear dgn2200_firmware *
netgear dgn2200b_firmware *
CVE-2017-18757 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.16, R7500 before 1.0.0.116, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR4300v2 before 1.0.0.48, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
CVE-2017-18758 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18759 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r8500_firmware *
netgear r8300_firmware *
CVE-2017-18761 MEDIUM

NETGEAR R8000 devices before 1.0.4.2 are affected by a stack-based buffer overflow by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r8000_firmware *
CVE-2017-18762 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear r7000_firmware *
netgear wndr4300_firmware *
netgear r7000p_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear d6000_firmware *
netgear wndr4500_firmware *
netgear d3600_firmware *
netgear r7100lg_firmware *
netgear r6900p_firmware *
netgear wnr2000_firmware *
CVE-2017-18763 LOW

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.42, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear wnr1000_firmware *
netgear r6700_firmware *
netgear jnr1010_firmware *
netgear jwnr2010_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2017-18764 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear wnr1000_firmware *
netgear wndr4300_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear wndr4500_firmware *
netgear jwnr2010_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear r6050_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear jnr1010_firmware *
netgear r9000_firmware *
netgear d7800_firmware *
netgear wn3000rp_firmware *
netgear r7500_firmware *
netgear r6220_firmware *
netgear wnr2020_firmware *
netgear wnr2000_firmware *
netgear r6120_firmware *
CVE-2017-18765 LOW

Certain NETGEAR devices are affected by denial of service. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R6700 before 1.0.1.20, R6900 before 1.0.1.20, WNR3500Lv2 before 1.2.0.44, and WNR2000v2 before 1.2.0.8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6300_firmware *
netgear r6900_firmware *
netgear r6400_firmware *
netgear wnr3500l_firmware *
netgear r6700_firmware *
netgear wnr2000_firmware *
CVE-2017-18766 LOW

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects DST6501 before 1.1.0.6 and WNR2000v2 before 1.2.0.8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear dst6501_firmware *
netgear wnr2000_firmware *
CVE-2017-18767 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6400 before 1.0.1.14, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300 before 1.0.0.56, R7800 before 1.0.2.36, R7900 before 1.0.2.10, R8000 before 1.0.3.24, R8300 before 1.0.2.74, and R8500 before 1.0.2.74.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear d8500_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear r7900_firmware *
netgear d7800_firmware *
netgear r7300_firmware *
netgear r6400_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear r8300_firmware *
CVE-2017-18768 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects EX6100 before 1.0.2.16_1.1.130, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.50, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, and WN3000RPv3 before 1.0.2.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear ex6100_firmware *
netgear ex7300_firmware *
netgear ex6150_firmware *
netgear ex6200_firmware *
netgear wn3000rp_firmware *
netgear ex6400_firmware *
CVE-2017-18769 LOW

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX6200v2 before 1.0.1.50, EX7000 before 1.0.0.56, JR6150 before 1.0.1.18, R6050 before 1.0.1.10J, R6100 before 1.0.1.16, R6150 before 1.0.1.10, R6220 before 1.1.0.50, R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.26, R6700v2 before 1.2.0.4, R6800 before 1.0.1.10, R6900 before 1.0.1.26, R6900P before 1.0.0.58, R6900v2 before 1.2.0.4, R7000 before 1.0.9.6, R7000P before 1.0.0.58, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.40, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR3500Lv2 before 1.2.0.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear d6220_firmware *
netgear wndr4300_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear r6100_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear wndr4500_firmware *
netgear r7300_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear r8500_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear dgn2200_firmware *
netgear dgn2200b_firmware *
netgear r8300_firmware *
netgear ex6200_firmware *
netgear r6050_firmware *
netgear d8500_firmware *
netgear ex7000_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear r9000_firmware *
netgear r6150_firmware *
netgear r7900_firmware *
netgear d7800_firmware *
netgear r6300_firmware *
netgear r7100lg_firmware *
netgear r7500_firmware *
netgear r6220_firmware *
CVE-2017-18770 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7800 before 1.0.2.36, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r7800_firmware *
netgear plw1010_firmware *
netgear plw1000_firmware *
CVE-2017-18772 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear ex6130_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear ex3800_firmware *
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6300_firmware *
netgear ex6120_firmware *
netgear ex3700_firmware *
netgear r8500_firmware *
netgear wnr2000_firmware *
CVE-2017-18773 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before V1.0.0.55, D7800 before V1.0.1.24, EX6150v2 before 1.0.0.48, R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before V1.0.3.16, R7800 before V1.0.2.36, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear ex6150_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r7500_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2017-18775 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r6100_firmware *
netgear r7500_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2017-18776 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear wnr1000_firmware *
netgear wndr4300_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear jnr1010_firmware *
netgear wndr4500_firmware *
netgear d7800_firmware *
netgear r7500_firmware *
netgear jwnr2010_firmware *
netgear r6220_firmware *
netgear wnr2020_firmware *
netgear wnr2000_firmware *
CVE-2017-18777 LOW

Certain NETGEAR devices are affected by administrative password disclosure. This affects D6220 before V1.0.0.28, D6400 before V1.0.0.60, D8500 before V1.0.3.29, DGN2200v4 before 1.0.0.82, DGN2200Bv4 before 1.0.0.82, R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear d6220_firmware *
netgear wnr3500l_firmware *
netgear d8500_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6300_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear dgn2200_firmware *
netgear dgn2200b_firmware *
netgear r8300_firmware *
CVE-2017-18778 LOW

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D7000 before 1.0.1.52, D7000v2 before 1.0.0.38, D7800 before 1.0.1.24, D8500 before 1.0.3.29, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, R7800 before 1.0.2.36, R7900P before 1.1.4.6, R8000P before 1.1.4.6, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.94, WNDR3700v5 before 1.1.0.50, WNDR4300v1 before 1.0.2.96, WNDR4300v2 before 1.0.0.52, WNDR4500v3 before 1.0.0.52, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear wnr1000_firmware *
netgear wndr4300_firmware *
netgear d6400_firmware *
netgear wndr4500_firmware *
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear jwnr2010_firmware *
netgear r8500_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear r8300_firmware *
netgear r6050_firmware *
netgear d8500_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear jnr1010_firmware *
netgear r9000_firmware *
netgear d7800_firmware *
netgear r7100lg_firmware *
netgear r7500_firmware *
netgear r8000p_firmware *
netgear r6220_firmware *
netgear wnr2020_firmware *
CVE-2017-18779 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear wnr1000_firmware *
netgear r6700_firmware *
netgear jnr1010_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear jwnr2010_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2017-18780 LOW

Certain NETGEAR devices are affected by denial of service. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear wnr1000_firmware *
netgear r6700_firmware *
netgear jnr1010_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear jwnr2010_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2017-18781 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, JR6150 before 1.0.1.12, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear wnr1000_firmware *
netgear r6700_firmware *
netgear jnr1010_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear jwnr2010_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2017-18782 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JR6150 before 1.0.1.12, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear wnr1000_firmware *
netgear r6700_firmware *
netgear jnr1010_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear jwnr2010_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2017-18783 MEDIUM

Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear wnr1000_firmware *
netgear r6700_firmware *
netgear jnr1010_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear jwnr2010_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2017-18784 MEDIUM

Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear wnr1000_firmware *
netgear r6700_firmware *
netgear jnr1010_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear jwnr2010_firmware *
netgear r6220_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2017-18785 LOW

Certain NETGEAR devices are affected by XSS. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6100v2 before 1.0.1.54, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, R6700v2 before 1.2.0.12, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.18, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R7900P before 1.1.5.14, R8000 before 1.0.4.4, R8000P before 1.1.5.14, R8500 before 1.0.2.110, R8300 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.8, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.42, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r7000_firmware *
netgear wnr3500l_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r8000_firmware *
netgear wn3100rp_firmware *
netgear ex7300_firmware *
netgear r7300dst_firmware *
netgear ex6150_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear ex2700_firmware *
netgear jwnr2010_firmware *
netgear r8500_firmware *
netgear r6800_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear ex8000_firmware *
netgear d8500_firmware *
netgear r7800_firmware *
netgear d6000_firmware *
netgear jnr1010_firmware *
netgear ex6400_firmware *
netgear r7900_firmware *
netgear d7800_firmware *
netgear r6300_firmware *
netgear r7500_firmware *
netgear wnr2000_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear wnr1000_firmware *
netgear wndr4300_firmware *
netgear r7000p_firmware *
netgear d6400_firmware *
netgear r6020_firmware *
netgear wndr4500_firmware *
netgear pr2000_firmware *
netgear dgn2200_firmware *
netgear dgn2200b_firmware *
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear wn2000rpt_firmware *
netgear r6700_firmware *
netgear r9000_firmware *
netgear d6200_firmware *
netgear d3600_firmware *
netgear r7100lg_firmware *
netgear wn3000rp_firmware *
netgear r8000p_firmware *
netgear wnr2020_firmware *
CVE-2017-18786 MEDIUM

Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.12, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear wnr2050_firmware *
netgear r6050_firmware *
netgear wnr1000_firmware *
netgear jnr1010_firmware *
netgear jwnr2010_firmware *
netgear jr6150_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
CVE-2017-18787 MEDIUM

Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050, before 1.0.1.12, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear wnr2050_firmware *
netgear r6050_firmware *
netgear wnr1000_firmware *
netgear jnr1010_firmware *
netgear jwnr2010_firmware *
netgear jr6150_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
CVE-2017-18788 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6150v2 before 1.0.1.54, EX6100v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.18, R6900P before 1.3.0.8, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R8000 before 1.0.4.4_1.1.42, R7900P before 1.1.5.14, R8000P before 1.1.5.14, R8300 before 1.0.2.110, R8500 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.14, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear wnr3500l_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r8000_firmware *
netgear wn3100rp_firmware *
netgear ex7300_firmware *
netgear r7300dst_firmware *
netgear ex6150_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear ex2700_firmware *
netgear jwnr2010_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear ex8000_firmware *
netgear d8500_firmware *
netgear r7800_firmware *
netgear d6000_firmware *
netgear jnr1010_firmware *
netgear ex6400_firmware *
netgear r7900_firmware *
netgear d7800_firmware *
netgear r6300_firmware *
netgear r7500_firmware *
netgear wnr2000_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear wnr1000_firmware *
netgear wndr4300_firmware *
netgear r7000p_firmware *
netgear d6400_firmware *
netgear wndr4500_firmware *
netgear pr2000_firmware *
netgear dgn2200_firmware *
netgear dgn2200b_firmware *
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear wn2000rpt_firmware *
netgear r6700_firmware *
netgear r9000_firmware *
netgear d6200_firmware *
netgear d3600_firmware *
netgear r7100lg_firmware *
netgear wn3000rp_firmware *
netgear r8000p_firmware *
netgear wnr2020_firmware *
CVE-2017-18789 LOW

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6250 before V1.0.4.8, R6400 before V1.0.1.22, R6400v2 before V1.0.2.32, R7100LG before V1.0.0.32, R7300 before V1.0.0.52, R8300 before V1.0.2.94, R8500 before V1.0.2.100, D6220 before V1.0.0.28, D6400 before V1.0.0.60, and D8500 before V1.0.3.29.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear r7300_firmware *
netgear r6400_firmware *
netgear d6220_firmware *
netgear d8500_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear d6400_firmware *
netgear r6250_firmware *
netgear r8300_firmware *
CVE-2017-18790 LOW

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r7000_firmware *
netgear r7100lg_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear r8500_firmware *
CVE-2017-18791 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear r6050_firmware *
netgear wnr1000_firmware *
netgear wnr614_firmware *
netgear jnr1010_firmware *
netgear wnr618_firmware *
netgear jwnr2010_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
CVE-2017-18792 MEDIUM

NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear d6100_firmware *
CVE-2017-18793 MEDIUM

NETGEAR R7800 devices before 1.0.2.36 are affected by command injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2017-18794 MEDIUM

Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, R8500 before 1.0.2.100, and D6100 before 1.0.0.50_0.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r6300_firmware *
netgear r7000_firmware *
netgear r6400_firmware *
netgear r7100lg_firmware *
netgear d6100_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear r8500_firmware *
CVE-2017-18795 MEDIUM

Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.28 and D6100 before 1.0.0.50_0.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear d6220_firmware *
netgear d6100_firmware *
CVE-2017-18796 MEDIUM

Certain NETGEAR devices are affected by command injection. This affects R6400 before 1.0.1.24, R6700 before 1.0.1.26, R6900 before 1.0.1.28, R7000 before 1.0.9.10, R7000P before 1.0.1.16, R6900P before 1.0.1.16, and R7800 before 1.0.2.36.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear r6400_firmware *
netgear r7000p_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear r6900p_firmware *
CVE-2017-18797 LOW

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400 before 1.0.1.24, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r6400_firmware *
netgear r8000_firmware *
netgear r8500_firmware *
CVE-2017-18798 LOW

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, D7000 before 1.0.1.50, and D1500 before 1.0.0.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netgear d1500_firmware *
netgear d7000_firmware *
netgear d500_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18799 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6200v2 before 1.0.3.14, R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.1.1.20, R7000 before 1.0.7.10, R7000P/R6900P before 1.0.0.56, R7100LG before 1.0.0.30, R7900 before 1.0.1.14, R8000 before 1.0.3.22, R8500 before 1.0.2.74, and D8500 before 1.0.3.28.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netgear r7000_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear r7900_firmware *
netgear r6300_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r6200_firmware *
CVE-2017-18800 MEDIUM

Certain NETGEAR devices are affected by reflected XSS. This affects R6700v2 before 1.1.0.42 and R6800 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 1.8 3.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18801 MEDIUM

Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.50, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.48, and D7000 before 1.0.1.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear d7000_firmware *
netgear r6700_firmware *
netgear r6220_firmware *
netgear r6800_firmware *
CVE-2017-18802 MEDIUM

Certain NETGEAR devices are affected by command injection. This affects R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before 1.0.3.16, R7800 before 1.0.2.32, EX6200v2 before 1.0.1.50, and D7800 before 1.0.1.22.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear ex6200_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r7500_firmware *
CVE-2017-18803 LOW

NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2017-18804 MEDIUM

Certain NETGEAR devices are affected by command injection. This affects R7800 before 1.0.2.16 and R9000 before 1.0.2.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear r7800_firmware *
netgear r9000_firmware *
CVE-2017-18805 MEDIUM

Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear wndap620_firmware *
netgear wndap660_firmware *
netgear wnd930_firmware *
netgear wac120_firmware *
netgear wndap360_firmware *
netgear wn604_firmware *
netgear wnap320_firmware *
netgear wndap350_firmware *
netgear wnap210_firmware *
netgear wac510_firmware *
CVE-2017-18806 MEDIUM

Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear wndap620_firmware *
netgear wndap660_firmware *
netgear wnd930_firmware *
netgear wac120_firmware *
netgear wndap360_firmware *
netgear wn604_firmware *
netgear wnap320_firmware *
netgear wndap350_firmware *
netgear wnap210_firmware *
netgear wac510_firmware *
CVE-2017-18807 LOW

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear readynas_os *
CVE-2017-18808 MEDIUM

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 0.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear readynas_os *
CVE-2017-18809 LOW

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear readynas_os *
CVE-2017-18810 LOW

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear readynas_os *
CVE-2017-18811 LOW

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear readynas_os *
CVE-2017-18812 LOW

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear readynas_os *
CVE-2017-18813 LOW

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear readynas_os *
CVE-2017-18814 LOW

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear readynas_os *
CVE-2017-18815 LOW

NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear readynas_os *
CVE-2017-18816 LOW

NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear readynas_os *
CVE-2017-18819 LOW

NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear readynas_os *
CVE-2017-18820 LOW

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear readynas_os *
CVE-2017-18821 LOW

Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18822 MEDIUM

Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18823 LOW

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18824 LOW

Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18825 LOW

Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18826 MEDIUM

Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18827 LOW

Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18828 LOW

Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18829 MEDIUM

Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18830 MEDIUM

Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18831 LOW

Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18832 LOW

Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18833 MEDIUM

Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18834 MEDIUM

Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18835 MEDIUM

Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18836 LOW

Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18837 MEDIUM

Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18838 MEDIUM

Certain NETGEAR devices are affected by privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18839 LOW

Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18840 LOW

Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
netgear m4200_firmware *
CVE-2017-18841 MEDIUM

Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.46, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.46, and D7000 before 1.0.1.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear d7000_firmware *
netgear r6700_firmware *
netgear r6220_firmware *
netgear r6800_firmware *
CVE-2017-18842 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects R7300 before 1.0.0.54, R8500 before 1.0.2.94, DGN2200v1 before 1.0.0.55, and D2200D/D2200DW-1FRNAS before 1.0.0.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear d2200dw-1frnas_firmware *
netgear r7300_firmware *
netgear d2200d_firmware *
netgear r8500_firmware *
netgear dgn2200_firmware *
CVE-2017-18843 LOW

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18844 LOW

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18845 LOW

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38 and R6800 before 1.1.0.38.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,

Products Affected

Vendor Product Version
netgear r6700_firmware *
netgear r6800_firmware *
CVE-2017-18846 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow. This affects R6250 before 1.0.4.12, R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r6400_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2017-18847 LOW

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r6400_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r8500_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2017-18848 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear r6300_firmware *
netgear r7300_firmware *
netgear ac1450_firmware *
netgear r8500_firmware *
CVE-2017-18849 MEDIUM

Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.44, R8300 before 1.0.2.100_1.0.82, and R8500 before 1.0.2.100_1.0.82.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2017-18850 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.44, R8300 before 1.0.2.100_1.0.82, and R8500 before 1.0.2.100_1.0.82.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2017-18851 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D8500 through 1.0.3.28, R6400 through 1.0.1.22, R6400v2 through 1.0.2.18, R8300 through 1.0.2.94, R8500 through 1.0.2.94, and R6100 through 1.0.1.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear r6400_firmware *
netgear d8500_firmware *
netgear r6100_firmware *
netgear r8500_firmware *
netgear r8300_firmware *
CVE-2017-18852 MEDIUM

Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear r7300dst_firmware *
netgear wndr3400_firmware *
netgear r8500_firmware *
netgear r8300_firmware *
CVE-2017-18853 MEDIUM

Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and earlier, R6400v2 1.0.2.18 and earlier, R6700 1.0.1.22 and earlier, R6900 1.0.1.20 and earlier, R7000 1.0.7.10 and earlier, R7000P 1.0.0.58 and earlier, R7100LG 1.0.0.28 and earlier, R7300DST 1.0.0.52 and earlier, R7900 1.0.1.12 and earlier, R8000 1.0.3.46 and earlier, R8300 1.0.2.86 and earlier, R8500 1.0.2.86 and earlier, WNDR3400v3 1.0.1.8 and earlier, and WNDR4500v2 1.0.0.62 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear wndr4500_firmware *
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6300_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear dgn2200_firmware *
netgear r8300_firmware *
CVE-2017-18854 MEDIUM

NETGEAR ReadyNAS 6.6.1 and earlier is affected by command injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear readynas_os_firmware *
CVE-2017-18855 HIGH

NETGEAR WNR854T devices before 1.5.2 are affected by command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear wnr854t_firmware *
CVE-2017-18856 MEDIUM

NETGEAR ReadyNAS devices before 6.6.1 are affected by command injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear readynas_os_firmware *
CVE-2017-18857 HIGH

The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-521,

Products Affected

Vendor Product Version
netgear insight *
CVE-2017-18858 HIGH

Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear m4300-12x12f_firmware *
netgear m4300-48x_firmware *
netgear m4300-52g-poe+_firmware *
netgear m4300-24x_firmware *
netgear m4300-24x24f_firmware *
netgear m4300-8x8f_firmware *
netgear m4200-10mg-poe+_firmware *
netgear m4300-28g_firmware *
netgear m4300-52g_firmware *
netgear m4300-28g-poe+_firmware *
CVE-2017-18859 MEDIUM

Certain NETGEAR devices are affected by slowdown/stoppage. This affects C6300 before 2017-05-30, CM400 before 2017-05-30, CM700 before 2017-05-30, and CMD31T before 2017-05-30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear c6300_firmware *
netgear cm700_firmware *
netgear cmd31t_firmware *
netgear cm400_firmware *
CVE-2017-18860 LOW

Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 2.5 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear m5300_firmware *
netgear xs716t_firmware *
netgear m4300_firmware *
netgear xs708t_firmware *
netgear gs752tsb_firmware *
netgear gs752tpsb_firmware *
netgear gs510tp_firmware *
netgear m7100_firmware *
netgear gs724t_firmware *
netgear gs728txs_firmware *
netgear fs752tp_firmware *
netgear xs712t_firmware *
netgear s3300_firmware *
netgear gs510tpp_firmware *
netgear gs748t_firmware *
netgear gs728tsb_firmware *
netgear m4200_firmware *
netgear gs110tp_firmware *
netgear gs418tpp_firmware *
netgear gs728tpsb_firmware *
netgear gs108t_firmware *
netgear gs510tlp_firmware *
netgear gs716t_firmware *
netgear gs752txs_firmware *
netgear m6100_firmware *
CVE-2017-18861 HIGH

Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear readynas_surveillance *
CVE-2017-18862 LOW

Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear gs105pe_firmware *
netgear jgs524e_firmware *
netgear jgs524pe_firmware *
netgear xs716e_firmware *
netgear gs108pe_firmware *
netgear gs105e_firmware *
netgear gs116e_firmware *
netgear gs108e_firmware *
netgear xs708e_firmware *
netgear gss116e_firmware *
netgear jgs516pe_firmware *
netgear gss108e_firmware *
CVE-2017-18863 LOW

Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear wndap620_firmware *
netgear wndap660_firmware *
netgear wnd930_firmware *
netgear wac120_firmware *
netgear wndap360_firmware *
netgear wn604_firmware *
netgear wnap320_firmware *
netgear wndap350_firmware *
netgear wnap210_firmware *
CVE-2017-18864 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R6900P before 1.0.0.56, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7900 before 1.0.1.18, R8300 before 1.0.2.104, and R8500 before 1.0.2.104.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r6900_firmware *
netgear r7300_firmware *
netgear r7000_firmware *
netgear r6400_firmware *
netgear r7000p_firmware *
netgear r7100lg_firmware *
netgear r6700_firmware *
netgear r8500_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2017-18865 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r8500_firmware *
netgear r8300_firmware *
CVE-2017-18866 MEDIUM

Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r7500_firmware *
netgear 6r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
CVE-2017-18867 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr4300_firmware *
netgear r7100lg_firmware *
netgear d6100_firmware *
netgear wndr4500_firmware *
CVE-2017-2137 MEDIUM

ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear prosafe_plus_configuration_utility *
CVE-2017-5521 MEDIUM

An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear d6220_firmware 1.0.0.12
netgear wnr1000v3_firmware 1.0.2.68_60.0.93
netgear d6300b_firmware 1.0.0.40
netgear d6400_firmware 1.0.0.44
netgear r6300_firmware 1.0.2.78_1.0.58
netgear d6300_firmware 1.0.0.96
netgear wndr4500_firmware 1.0.1.44_1.0.73
netgear dgn2200bv4_firmware 1.0.0.68
netgear r6200_firmware 1.0.1.56_1.0.43
netgear vegn2610_firmware 1.0.0.36
netgear wndr3700v3_firmware 1.0.0.40_1.0.32
netgear wndr4000_firmware 1.0.2.4_9.1.86
netgear ac1450_firmware 1.0.0.34_10.0.16
CVE-2017-6077 HIGH

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
netgear dgn2200_firmware *
CVE-2017-6334 HIGH

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
netgear dgn2200_series_firmware *
CVE-2017-6366 MEDIUM

Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear dgn2200_firmware *
CVE-2017-6862 HIGH

NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear wnr2000v5_firmware *
netgear wnr2000v3_firmware *
netgear wnr2000v4_firmware *
CVE-2018-11106 HIGH

NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear wc7520_firmware *
netgear wc7500_firmware *
netgear wc9500_firmware *
netgear wc7600v2_firmware *
netgear wc7600v1_firmware *
CVE-2018-21093 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.42, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300-2CXNAS before 1.0.3.60, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R7000P before 1.3.1.44, R6900P before 1.3.1.44, R7100LG before 1.0.0.46, R7300 before 1.0.0.68, R7900 before 1.0.2.10, R8000 before 1.0.4.18, R8000P before 1.3.0.10, R7900P before 1.3.0.10, R8500 before 1.0.2.122, R8300 before 1.0.2.122, RBW30 before 2.1.2.6, WN2500RPv2 before 1.0.0.54, and WNR3500Lv2 before 1.2.0.56.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r6300-2cxnas_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear r8000_firmware *
netgear ex3800_firmware *
netgear ex6150_firmware *
netgear r7300_firmware *
netgear r6400_firmware *
netgear ex6120_firmware *
netgear wn2500rp_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear rbw30_firmware *
netgear d8500_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear r7900_firmware *
netgear r6300_firmware *
netgear r7100lg_firmware *
netgear ex3700_firmware *
netgear r8000p_firmware *
CVE-2018-21094 HIGH

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear wndap620_firmware *
netgear wndap660_firmware *
netgear wnd930_firmware *
netgear wac120_firmware *
netgear wndap360_firmware *
netgear wn604_firmware *
netgear wac505_firmware *
netgear wnap320_firmware *
netgear wndap350_firmware *
netgear wnap210_firmware *
netgear wac510_firmware *
CVE-2018-21095 LOW

Certain NETGEAR devices are affected by stored XSS. This affects SRR60 before 2.2.1.210 and SRS60 before 2.2.1.210.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.2 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear srs60_firmware *
netgear srr60_firmware *
CVE-2018-21096 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear wndap620_firmware *
netgear wndap660_firmware *
netgear wnd930_firmware *
netgear wac120_firmware *
netgear wndap360_firmware *
netgear wn604_firmware *
netgear wac505_firmware *
netgear wnap320_firmware *
netgear wndap350_firmware *
netgear wnap210_firmware *
netgear wac510_firmware *
CVE-2018-21097 HIGH

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndap620_firmware *
netgear wndap660_firmware *
netgear wnd930_firmware *
netgear wac120_firmware *
netgear wndap360_firmware *
netgear wn604_firmware *
netgear wac505_firmware *
netgear wnap320_firmware *
netgear wndap350_firmware *
netgear wnap210_firmware *
netgear wac510_firmware *
CVE-2018-21098 MEDIUM

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2018-21099 MEDIUM

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2018-21100 MEDIUM

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2018-21101 MEDIUM

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2018-21102 MEDIUM

NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear readynas_os_firmware *
CVE-2018-21103 MEDIUM

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2018-21104 MEDIUM

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2018-21105 MEDIUM

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2018-21106 MEDIUM

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2018-21107 MEDIUM

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2018-21108 MEDIUM

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2018-21109 MEDIUM

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2018-21110 MEDIUM

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2018-21111 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.60, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.66.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear d3600_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear r8900_firmware *
netgear d6000_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21112 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, and R9000 before 1.0.4.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
CVE-2018-21113 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.42, R6100 before 1.0.1.28, R7500 before 1.0.0.130, R7500v2 before 1.0.3.36, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
CVE-2018-21114 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
netgear ex6400_firmware *
netgear ex7300_firmware *
netgear d7800_firmware *
netgear ex6150_firmware *
netgear wn3000rp_firmware *
netgear r7500_firmware *
CVE-2018-21115 MEDIUM

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netgear xr500_firmware *
CVE-2018-21116 MEDIUM

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear xr500_firmware *
CVE-2018-21117 MEDIUM

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear xr500_firmware *
CVE-2018-21118 MEDIUM

NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear xr500_firmware *
CVE-2018-21119 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.5.4 and WAC510 before 5.0.5.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2018-21120 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear wndap620_firmware *
netgear wndap660_firmware *
netgear wnd930_firmware *
netgear wac120_firmware *
netgear wndap360_firmware *
netgear wn604_firmware *
netgear wac505_firmware *
netgear wnap320_firmware *
netgear wndap350_firmware *
netgear wnap210_firmware *
netgear wac510_firmware *
CVE-2018-21121 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear xs512em_firmware *
netgear xs724em_firmware *
netgear gs810emx_firmware *
CVE-2018-21122 LOW

Certain NETGEAR devices are affected by denial of service. This affects GS110EMX before 1.0.0.9, GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netgear xs512em_firmware *
netgear gs110emx_firmware *
netgear xs724em_firmware *
netgear gs810emx_firmware *
CVE-2018-21123 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear wc7600_firmware *
netgear wc7520_firmware *
netgear wc7500_firmware *
CVE-2018-21124 MEDIUM

NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2018-21125 MEDIUM

NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear wac510_firmware *
CVE-2018-21126 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2018-21127 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2018-21128 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2018-21129 LOW

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2018-21130 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2018-21131 MEDIUM

Certain NETGEAR devices are affected by unauthenticated firmware downgrade. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2018-21132 HIGH

Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2018-21133 HIGH

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2018-21134 HIGH

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6700 before 1.0.1.48, R7900 before 1.0.2.16, R6900 before 1.0.1.48, R7000P before 1.3.1.44, R6900P before 1.3.1.44, R6250 before 1.0.4.30, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.60, R7000 before 1.0.9.34, R7100LG before 1.0.0.48, R7300 before 1.0.0.68, R8000 before 1.0.4.18, R8000P before 1.4.1.24, R7900P before 1.4.1.24, R8500 before 1.0.2.122, R8300 before 1.0.2.122, WN2500RPv2 before 1.0.1.54, EX3700 before 1.0.0.72, EX3800 before 1.0.0.72, EX6000 before 1.0.0.32, EX6100 before 1.0.2.24, EX6120 before 1.0.0.42, EX6130 before 1.0.0.24, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, D7000v2 before 1.0.0.51, D6220 before 1.0.0.46, D6400 before 1.0.0.82, and D8500 before 1.0.3.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear ex3800_firmware *
netgear ex6150_firmware *
netgear r7300_firmware *
netgear r6400_firmware *
netgear ex6120_firmware *
netgear wn2500rp_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear d8500_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear r7900_firmware *
netgear r6300_firmware *
netgear r7100lg_firmware *
netgear ex3700_firmware *
netgear r8000p_firmware *
CVE-2018-21135 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700 before 1.0.1.48, R7500 before 1.0.0.124, R7800 before 1.0.2.58, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5-R2000 before 1.0.0.68.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r8900_firmware *
netgear r6700_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21136 LOW

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear d6000_firmware *
CVE-2018-21137 HIGH

Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear d6000_firmware *
CVE-2018-21138 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear d6000_firmware *
CVE-2018-21139 MEDIUM

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.58, D6200 before 1.1.00.30, D6220 before 1.0.0.46, D6400 before 1.0.0.82, D7000 before 1.0.1.68, D7000v2 before 1.0.0.51, D7800 before 1.0.1.42, D8500 before 1.0.3.42, DC112A before 1.0.0.40, DGN2200Bv4 before 1.0.0.102, DGN2200v4 before 1.0.0.102, JNR1010v2 before 1.1.0.54, JR6150 before 1.0.1.18, JWNR2010v5 before 1.1.0.54, PR2000 before 1.0.0.24, R6020 before 1.0.0.34, R6050 before 1.0.1.18, R6080 before 1.0.0.34, R6100 before 1.0.1.22, R6120 before 1.0.0.42, R6220 before 1.1.0.68, R6250 before 1.0.4.30, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.60, R6700 before 1.0.1.48, R6700v2 before 1.2.0.24, R6800 before 1.2.0.24, R6900 before 1.0.1.48, R6900P before 1.3.1.44, R6900v2 before 1.2.0.24, R7000 before 1.0.9.34, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7300 before 1.0.0.68, R7500 before 1.0.0.124, R7500v2 before 1.0.3.38, R7900 before 1.0.2.16, R7900P before 1.4.1.24, R8000 before 1.0.4.18, R8000P before 1.4.1.24, R8300 before 1.0.2.122, R8500 before 1.0.2.122, WN3000RP before 1.0.0.68, WN3000RPv2 before 1.0.0.68, WNDR3400v3 before 1.0.1.18, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, WNR1000v4 before 1.1.0.54, WNR2020 before 1.1.0.54, WNR2050 before 1.1.0.54, and WNR3500Lv2 before 1.2.0.54.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r7000_firmware *
netgear wnr3500l_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r8000_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear jwnr2010_firmware *
netgear r8500_firmware *
netgear r6800_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear d8500_firmware *
netgear jnr1010_firmware *
netgear r7900_firmware *
netgear d7800_firmware *
netgear r6300_firmware *
netgear r7500_firmware *
netgear r6120_firmware *
netgear wnr2050_firmware *
netgear d1500_firmware *
netgear d7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear wnr1000_firmware *
netgear wndr4300_firmware *
netgear r7000p_firmware *
netgear d500_firmware *
netgear d6400_firmware *
netgear r6020_firmware *
netgear wndr4500_firmware *
netgear r7300_firmware *
netgear jr6150_firmware *
netgear pr2000_firmware *
netgear dgn2200_firmware *
netgear dgn2200b_firmware *
netgear r6050_firmware *
netgear r6700_firmware *
netgear dc112a_firmware *
netgear d6200_firmware *
netgear r7100lg_firmware *
netgear wn3000rp_firmware *
netgear r8000p_firmware *
netgear r6220_firmware *
netgear wnr2020_firmware *
CVE-2018-21140 LOW

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear d6000_firmware *
CVE-2018-21141 LOW

Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21142 MEDIUM

Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21143 LOW

NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear gs810emx_firmware *
CVE-2018-21144 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DM200 before 1.0.0.52, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.16, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear dm200_firmware *
netgear r7800_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21145 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear dm200_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21146 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r8900_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
CVE-2018-21147 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
CVE-2018-21148 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear dm200_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21149 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.0.54, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear dm200_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21150 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear dm200_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21151 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
CVE-2018-21152 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
CVE-2018-21153 HIGH

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.62, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear ex6100_firmware *
netgear ex8000_firmware *
netgear ex6200_firmware *
netgear wndr4300_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r9000_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear ex6400_firmware *
netgear ex7300_firmware *
netgear d7800_firmware *
netgear ex6150_firmware *
netgear dm200_firmware *
netgear wn3000rp_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear ex2700_firmware *
netgear wnr2000_firmware *
CVE-2018-21154 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, and R7800 before 1.0.2.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear dm200_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r7500_firmware *
CVE-2018-21155 MEDIUM

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.4.2, R9000 before 1.0.3.16, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr4300_firmware *
netgear dm200_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21156 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.38, D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGN2200Bv4 before 1.0.0.102, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150 before 1.0.0.38, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.20, R6300v2 before 1.0.4.22, R6400 before 1.0.1.32, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R6900P before 1.3.0.18, R7000 before 1.0.9.28, R7000P before 1.3.0.18, R7300DST before 1.0.0.62, R7900 before 1.0.2.10, R7900P before 1.3.0.10, R8000 before 1.0.4.12, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, WN2500RPv2 before 1.0.1.52, WNDR3400v3 before 1.0.1.18, and WNR3500Lv2 before 1.2.0.46.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear ex3800_firmware *
netgear r7300dst_firmware *
netgear ex6150_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear ex6120_firmware *
netgear wn2500rp_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear dgn2200_firmware *
netgear dgn2200b_firmware *
netgear r8300_firmware *
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear d8500_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear r7900_firmware *
netgear r6300_firmware *
netgear ex3700_firmware *
netgear r8000p_firmware *
CVE-2018-21157 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R7500v2 before 1.0.3.24, R7800 before 1.0.2.38, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
CVE-2018-21158 MEDIUM

NETGEAR R7800 devices before 1.0.2.46 are affected by incorrect configuration of security settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2018-21159 MEDIUM

NETGEAR ReadyNAS devices before 6.9.3 are affected by incorrect configuration of security settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear readynas_os *
CVE-2018-21160 MEDIUM

NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear readynas_os *
CVE-2018-21161 HIGH

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.46, and R9000 before 1.0.3.16.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear r9000_firmware *
CVE-2018-21162 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6400 before 1.0.0.78, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.8, R6300v2 before 1.0.4.6, R6400 before 1.0.1.12, R6700 before 1.0.1.16, R7000 before 1.0.7.10, R7100LG before 1.0.0.42, R7300DST before 1.0.0.44, R7900 before 1.0.1.12, R8000 before 1.0.3.36, R8300 before 1.0.2.74, R8500 before 1.0.2.74, WNDR3400v3 before 1.0.1.14, and WNR3500Lv2 before 1.2.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear ex6200_firmware *
netgear r7000_firmware *
netgear wnr3500l_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6300_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r8300_firmware *
CVE-2018-21163 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DGN2200Bv4 before 1.0.0.102, DGN2200v4 before 1.0.0.102, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150 before 1.0.0.38, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6300v2 before 1.0.4.22, R6900P before 1.3.0.18, R7000P before 1.3.0.18, R7300DST before 1.0.0.62, R7900P before 1.3.0.10, R8000 before 1.0.4.12, R8000P before 1.3.0.10, WN2500RPv2 before 1.0.1.52, and WNDR3400v3 before 1.0.1.18.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear r7900p_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear r7000p_firmware *
netgear ex7000_firmware *
netgear r8000_firmware *
netgear ex3800_firmware *
netgear r7300dst_firmware *
netgear ex6150_firmware *
netgear r6300_firmware *
netgear wndr3400_firmware *
netgear ex6120_firmware *
netgear ex3700_firmware *
netgear wn2500rp_firmware *
netgear r8000p_firmware *
netgear r6900p_firmware *
netgear dgn2200_firmware *
netgear dgn2200b_firmware *
CVE-2018-21164 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.64 and WNDR3700v5 before 1.1.0.54.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear r6220_firmware *
CVE-2018-21165 MEDIUM

Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21166 MEDIUM

Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21167 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.57, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.78, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear ex6100_firmware *
netgear wndr3700_firmware *
netgear ex8000_firmware *
netgear ex6200_firmware *
netgear wndr4300_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r9000_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear ex6400_firmware *
netgear ex7300_firmware *
netgear ex6150_firmware *
netgear dm200_firmware *
netgear wn3000rp_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear ex2700_firmware *
netgear wnr2000_firmware *
CVE-2018-21168 MEDIUM

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D7000 before 1.0.1.52, D7800 before 1.0.1.31, D8500 before 1.0.3.36, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, R7800 before 1.0.2.36, R7900P before 1.1.4.6, R8000P before 1.1.4.6, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.94, WNDR3700v5 before 1.1.0.50, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.52, WNDR4500v3 before 1.0.0.52, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7900p_firmware *
netgear wnr1000_firmware *
netgear wndr4300_firmware *
netgear wndr4500_firmware *
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear jwnr2010_firmware *
netgear r8500_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear r8300_firmware *
netgear r6050_firmware *
netgear d8500_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear jnr1010_firmware *
netgear r9000_firmware *
netgear d7800_firmware *
netgear r7500_firmware *
netgear r8000p_firmware *
netgear r6220_firmware *
netgear wnr2020_firmware *
CVE-2018-21169 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7000 before 2018-03-01, D7800 before 1.0.1.31, D8500 before 1.0.3.36, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.46, PR2000 before 2018-03-01, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, R7800 before 1.0.2.36, R7900P before 1.1.4.6, R8000P before 1.1.4.6, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.94, WNDR3700v5 before 1.1.0.50, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.52, WNDR4500v3 before 1.0.0.52, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7900p_firmware *
netgear wnr1000_firmware *
netgear wndr4300_firmware *
netgear wndr4500_firmware *
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear jwnr2010_firmware *
netgear r8500_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear r8300_firmware *
netgear r6050_firmware *
netgear d8500_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear jnr1010_firmware *
netgear r9000_firmware *
netgear d7800_firmware *
netgear r7500_firmware *
netgear r8000p_firmware *
netgear r6220_firmware *
netgear wnr2020_firmware *
CVE-2018-21170 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX2700 before 1.0.1.28, R7800 before 1.0.2.40, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear wn3000rp_firmware *
netgear ex2700_firmware *
netgear wn3100rp_firmware *
CVE-2018-21171 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, and WNDR4300 before 1.0.2.98.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear r9000_firmware *
CVE-2018-21172 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21173 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21174 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21175 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21176 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21177 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21178 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21179 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21180 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21181 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.28, EX2700 before 1.0.1.32, EX6200v2 before 1.0.1.56, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.52, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear ex6200_firmware *
netgear wndr4300_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear r9000_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear d7800_firmware *
netgear wn3000rp_firmware *
netgear r7500_firmware *
netgear ex2700_firmware *
netgear wnr2000_firmware *
CVE-2018-21182 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, and WNDR4300 before 1.0.2.94.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r9000_firmware *
CVE-2018-21183 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, and WNDR4300 before 1.0.2.94.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r9000_firmware *
CVE-2018-21184 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.28, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, and R9000 before 1.0.3.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
CVE-2018-21185 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21186 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21187 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21188 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21189 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21190 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21191 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21192 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21193 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r7500_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21194 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21195 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21196 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
CVE-2018-21197 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21198 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.2.0.44, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21199 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, and WNDR4300 before 1.0.2.98.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
CVE-2018-21200 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40 and R9000 before 1.0.3.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r7800_firmware *
netgear r9000_firmware *
CVE-2018-21201 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21202 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
CVE-2018-21203 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6100 before 1.0.1.20, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r6100_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
CVE-2018-21204 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
CVE-2018-21205 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear d7800_firmware *
netgear r900_firmware *
netgear wn3000rp_firmware *
netgear r7500_firmware *
netgear ex2700_firmware *
CVE-2018-21206 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear d7800_firmware *
netgear r900_firmware *
netgear wn3000rp_firmware *
netgear r7500_firmware *
netgear ex2700_firmware *
CVE-2018-21207 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6000_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear d7800_firmware *
netgear r900_firmware *
netgear d3600_firmware *
netgear wn3000rp_firmware *
netgear r7500_firmware *
netgear ex2700_firmware *
CVE-2018-21208 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear wndr4300_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r7500_firmware *
netgear wndr4500_firmware *
CVE-2018-21209 LOW

Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wnr2050_firmware *
netgear r6050_firmware *
netgear wnr1000_firmware *
netgear jnr1010_firmware *
netgear jwnr2010_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
CVE-2018-21210 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6000_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear d7800_firmware *
netgear r900_firmware *
netgear d3600_firmware *
netgear wn3000rp_firmware *
netgear r7500_firmware *
netgear ex2700_firmware *
CVE-2018-21211 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear d3600_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear d6000_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21212 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear d6000_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear d7800_firmware *
netgear r900_firmware *
netgear d3600_firmware *
netgear wn3000rp_firmware *
netgear r7500_firmware *
netgear ex2700_firmware *
CVE-2018-21213 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear d3600_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear d6000_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
CVE-2018-21214 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear wn2000rpt_firmware *
netgear wn3000rp_firmware *
netgear r6100_firmware *
netgear d6000_firmware *
netgear r7500_firmware *
netgear ex2700_firmware *
netgear r9000_firmware *
netgear wn3100rp_firmware *
CVE-2018-21215 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, EX2700 before 1.0.1.28, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear wn2000rpt_firmware *
netgear wn3000rp_firmware *
netgear d6100_firmware *
netgear d6000_firmware *
netgear r7500_firmware *
netgear ex2700_firmware *
netgear r9000_firmware *
netgear wn3100rp_firmware *
CVE-2018-21216 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, and R6100 before 1.0.1.20.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear d6000_firmware *
CVE-2018-21217 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, and R6100 before 1.0.1.20.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear d6000_firmware *
CVE-2018-21218 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear d3600_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear d6000_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21219 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear d3600_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear d6000_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21220 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear d3600_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear d6000_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21221 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, and R9000 before 1.0.2.52.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear d6000_firmware *
netgear r9000_firmware *
CVE-2018-21222 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear d3600_firmware *
netgear r6100_firmware *
netgear d6000_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21223 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear d3600_firmware *
netgear r6100_firmware *
netgear d6000_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21224 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear d3600_firmware *
netgear r6100_firmware *
netgear d6000_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2018-21225 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6700 before 1.0.1.30, R6700v2 before 1.2.0.16, R6800 before 1.2.0.16, R6900 before 1.0.1.30, R6900P before 1.2.0.22, R6900v2 before 1.2.0.16, R7000 before 1.0.9.12, R7000P before 1.2.0.22, R7500v2 before 1.0.3.20, R7800 before 1.0.2.44, R8300 before 1.0.2.106, R8500 before 1.0.2.106, and R9000 before 1.0.2.52.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear r9000_firmware *
netgear d7800_firmware *
netgear r7500_firmware *
netgear r8500_firmware *
netgear r6800_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2018-21226 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects JNR1010v2 before 1.1.0.48, JWNR2010v5 before 1.1.0.48, WNR1000v4 before 1.1.0.48, WNR2020 before 1.1.0.48, and WNR2050 before 1.1.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
netgear wnr2050_firmware *
netgear wnr1000_firmware *
netgear jnr1010_firmware *
netgear jwnr2010_firmware *
netgear wnr2020_firmware *
CVE-2018-21227 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R6400v2 before 1.0.2.34, R6700 before 1.0.1.30, R6900 before 1.0.1.30, R6900P before 1.0.0.62, R7000 before 1.0.9.12, R7000P before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear wndr4300_firmware *
netgear r7000p_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
netgear d7800_firmware *
netgear r6400_firmware *
netgear r7500_firmware *
netgear r6900p_firmware *
CVE-2018-21228 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, EX6100v2 before 1.0.1.50, EX6150v2 before 1.0.1.50, EX6200v2 before 1.0.1.44, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.2.30, WN3000RPv3 before 1.0.2.50, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear r6100_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
netgear ex6400_firmware *
netgear ex7300_firmware *
netgear d7800_firmware *
netgear ex6150_firmware *
netgear wn3000rp_firmware *
netgear r7500_firmware *
CVE-2018-21229 LOW

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R7500v2 before 1.0.3.20, R7800 before 1.0.2.38, WN3000RPv3 before 1.0.2.50, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear wn3000rp_firmware *
netgear r7500_firmware *
netgear wndr4500_firmware *
CVE-2018-21230 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX2700 before 1.0.1.42, EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6100 before 1.0.2.18, EX6120 before 1.0.0.32, EX6130 before 1.0.0.22, EX6150 before 1.0.0.34_1.0.70, EX6200 before 1.0.3.82_1.1.117, EX6400 before 1.0.1.78, EX7000 before 1.0.0.56, EX7300 before 1.0.1., JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.22, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R6250 before 1.0.4.14, R6300v2 before 1.0.4.12, R6400v2 before 1.0.2.34, R6700 before 1.0.1.26, R6900 before 1.0.1.26, R6900P before 1.2.0.22, R7000 before 1.0.9.6, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, R7300DST before 1.0.0.54, R7500 before 1.0.0.110, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.1.26, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN2500RPv2 before 1.0.1.46, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR3700v5 before 1.1.0.54, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.42, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r8000_firmware *
netgear wn3100rp_firmware *
netgear ex7300_firmware *
netgear r7300dst_firmware *
netgear ex6150_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear ex6120_firmware *
netgear wn2500rp_firmware *
netgear ex2700_firmware *
netgear jwnr2010_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear d8500_firmware *
netgear r7800_firmware *
netgear jnr1010_firmware *
netgear ex6400_firmware *
netgear r7900_firmware *
netgear d7800_firmware *
netgear r6300_firmware *
netgear ex3700_firmware *
netgear r7500_firmware *
netgear wnr2000_firmware *
netgear wnr2050_firmware *
netgear d1500_firmware *
netgear d7000_firmware *
netgear d6220_firmware *
netgear wnr1000_firmware *
netgear wndr4300_firmware *
netgear r7000p_firmware *
netgear d500_firmware *
netgear d6400_firmware *
netgear ex3800_firmware *
netgear wndr4500_firmware *
netgear jr6150_firmware *
netgear pr2000_firmware *
netgear dgn2200_firmware *
netgear dgn2200b_firmware *
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear r6050_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear ex7000_firmware *
netgear wn2000rpt_firmware *
netgear r6700_firmware *
netgear r9000_firmware *
netgear r7100lg_firmware *
netgear wn3000rp_firmware *
netgear r6220_firmware *
netgear wnr2020_firmware *
CVE-2018-21231 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX2700 before 1.0.1.42, EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6100 before 1.0.2.18, EX6120 before 1.0.0.32, EX6130 before 1.0.0.22, EX6150 before 1.0.0.34_1.0.70, EX6200 before 1.0.3.82_1.1.117, EX6400 before 1.0.1.78, EX7000 before 1.0.0.56, EX7300 before 1.0.1.78, JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.22, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R6250 before 1.0.4.14, R6300v2 before 1.0.4.12, R6400v2 before 1.0.2.34, R6700 before 1.0.1.26, R6900 before 1.0.1.26, R6900P before 1.2.0.22, R7000 before 1.0.9.6, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, R7300DST before 1.0.0.54, R7500 before 1.0.0.110, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.1.26, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN2500RPv2 before 1.0.1.46, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR3700v5 before 1.1.0.54, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.42, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r8000_firmware *
netgear wn3100rp_firmware *
netgear ex7300_firmware *
netgear r7300dst_firmware *
netgear ex6150_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear ex6120_firmware *
netgear wn2500rp_firmware *
netgear ex2700_firmware *
netgear jwnr2010_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear d8500_firmware *
netgear r7800_firmware *
netgear jnr1010_firmware *
netgear ex6400_firmware *
netgear r7900_firmware *
netgear d7800_firmware *
netgear r6300_firmware *
netgear ex3700_firmware *
netgear r7500_firmware *
netgear wnr2000_firmware *
netgear wnr2050_firmware *
netgear d1500_firmware *
netgear d7000_firmware *
netgear d6220_firmware *
netgear wnr1000_firmware *
netgear wndr4300_firmware *
netgear r7000p_firmware *
netgear d500_firmware *
netgear d6400_firmware *
netgear ex3800_firmware *
netgear wndr4500_firmware *
netgear jr6150_firmware *
netgear pr2000_firmware *
netgear dgn2200_firmware *
netgear dgn2200b_firmware *
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear r6050_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear ex7000_firmware *
netgear wn2000rpt_firmware *
netgear r6700_firmware *
netgear r9000_firmware *
netgear r7100lg_firmware *
netgear wn3000rp_firmware *
netgear r6220_firmware *
netgear wnr2020_firmware *
CVE-2019-12510 MEDIUM

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a result, an attacker may modify almost all of the device's settings and view various configuration settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
netgear nighthawk_x10-r9000_firmware *
CVE-2019-12511 HIGH

In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled, and a valid authentication JWT, additional vulnerabilities (CVE-2019-12510) allow an attacker to interact with the entire SOAP API without authentication. Additionally, DNS rebinding techniques may be used to exploit this vulnerability remotely. Exploiting this vulnerability is somewhat involved. The following limitations apply to the payload and must be overcome for successful exploitation: - No more than 17 characters may be used. - At least one colon must be included to prevent mangling. - A single-quote and meta-character must be used to break out of the existing command. - Parent command remnants after the injection point must be dealt with. - The payload must be in all-caps. Despite these limitations, it is still possible to gain access to an interactive root shell via this vulnerability. Since the web server assigns certain HTTP headers to environment variables with all-caps names, it is possible to insert a payload into one such header and reference the subsequent environment variable in the injection point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear nighthawk_x10-r9000_firmware *
CVE-2019-12512 MEDIUM

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanced settings->Administration->Logs, and may trigger when the page is viewed. Although this value is inserted into a textarea tag, the attack simply needs to supply a closing textarea tag.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear nighthawk_x10-r9000_firmware *
CVE-2019-12513 MEDIUM

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious hostname. This log entry may then be viewed at Advanced settings->Administration->Logs to trigger the exploit. Although this value is inserted into a textarea tag, converted to all-caps, and limited in length, attacks are still possible.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear nighthawk_x10-r9000_firmware *
CVE-2019-12591 MEDIUM

NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear insight *
CVE-2019-13393 MEDIUM

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1188,

Products Affected

Vendor Product Version
netgear cg3700b_firmware 2.02.03
CVE-2019-13394 MEDIUM

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-522,

Products Affected

Vendor Product Version
netgear cg3700b_firmware 2.02.03
CVE-2019-13395 MEDIUM

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear cg3700b_firmware 2.02.03
CVE-2019-14363 HIGH

A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3400v3_firmware *
CVE-2019-14526 MEDIUM

An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entirely bypasses the intended security benefits of the use of a CSRF-protection token.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear mr1100_firmware *
CVE-2019-14527 HIGH

An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear mr1100_firmware *
CVE-2019-17049 MEDIUM

NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2019-17137 HIGH

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H 3.9 5.5

CVSS 2.0

Severity: HIGH

Problem Type: CWE-626,NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear ac1200_r6220_firmware 1.1.0.86
CVE-2019-17372 MEDIUM

Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear wnr1000_firmware -
netgear r6900p_firmware -
netgear wndr4500v2_firmware -
netgear r7000_firmware -
netgear r6300_firmware -
netgear r7100lg_firmware -
netgear r7900_firmware -
netgear r8300_firmware -
netgear wgr614v10_firmware -
netgear wnr3500l_firmware -
netgear r6200v2_firmware -
netgear lg2200d_firmware -
netgear r6250_firmware -
netgear wnr1000v3_firmware -
netgear wndr3700v3_firmware -
netgear wndr3400v2_firmware -
netgear r8000_firmware -
netgear r6200_firmware -
netgear r8500_firmware -
netgear r7300_firmware -
netgear r4500_firmware -
netgear r6300v2_firmware -
netgear wndr4000_firmware -
netgear wndr4500_firmware -
netgear r7000p_firmware -
netgear r6400_firmware -
netgear r6900_firmware -
netgear ac1450_firmware -
netgear dc112a_firmware -
netgear d8500_firmware -
netgear r6700_firmware -
netgear wn2500rpv2_firmware -
netgear jndr3000_firmware -
CVE-2019-17373 HIGH

Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear mbr1516_firmware -
netgear dgn2200_firmware -
netgear wndr3400_firmware -
netgear wnr2000v2_firmware -
netgear wndr3300_firmware -
netgear wnr3500_firmware -
netgear wnr834bv2_firmware -
netgear mbr1515_firmware -
netgear dgnd3700_firmware -
netgear dgn2200m_firmware -
CVE-2019-19494 HIGH

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
sagemcom f@st_3890_firmware *
netgear cg3700emr_firmware 2.01.05
netgear c6250emr_firmware 2.01.05
sagemcom f@st_3686_firmware 4.83.0
sagemcom f@st_3686_firmware 3.428.0
technicolor tc7230_steb_firmware 01.25
compal 7284e_firmware 5.510.5.11
compal 7486e_firmware 5.510.5.11
netgear c6250emr_firmware 2.01.03
netgear cg3700emr_firmware 2.01.03
CVE-2019-19964 MEDIUM

On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having network connectivity to the web-administration panel can access part of the web panel, bypassing authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear gs728tps_firmware *
CVE-2019-20486 MEDIUM

An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the configuration of the UI language.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear wnr1000_firmware 1.1.0.54
CVE-2019-20487 MEDIUM

An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or through CSRF), as demonstrated by the setup.cgi?todo=save_htp_account URI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear wnr1000_firmware 1.1.0.54
CVE-2019-20488 HIGH

An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execute arbitrary commands, as demonstrated by shell metacharacters in the sysDNSHost parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear wnr1000_firmware 1.1.0.54
CVE-2019-20489 MEDIUM

An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely compromise the device from a malicious webpage. The attacker sends an FW_remote.htm&todo=cfg_init request without a cookie, reads the Set-Cookie header in the 401 Unauthorized response, and then repeats the FW_remote.htm&todo=cfg_init request with the specified cookie.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear wnr1000_firmware 1.1.0.54
CVE-2019-20638 MEDIUM

NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of administrative credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear mr1100_firmware *
CVE-2019-20639 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
CVE-2019-20640 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear r6700_firmware *
netgear d6000_firmware *
netgear r6020_firmware *
netgear xr500_firmware *
netgear d6200_firmware *
netgear d3600_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2019-20641 MEDIUM

NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rax40_firmware *
CVE-2019-20642 MEDIUM

NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rax40_firmware *
CVE-2019-20643 MEDIUM

NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rax40_firmware *
CVE-2019-20644 LOW

NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rax40_firmware *
CVE-2019-20645 LOW

NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rax40_firmware *
CVE-2019-20646 MEDIUM

NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear rax40_firmware *
CVE-2019-20647 LOW

NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rax40_firmware *
CVE-2019-20648 LOW

NETGEAR RN42400 devices before 6.10.2 are affected by incorrect configuration of security settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.1 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rn42400_firmware *
CVE-2019-20649 MEDIUM

NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear mr1100_firmware *
CVE-2019-20650 MEDIUM

Certain NETGEAR devices are affected by denial of service. This affects R8900 before 1.0.5.2, R9000 before 1.0.5.2, XR500 before 2.3.2.56, and XR700 before 1.0.1.20.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
CVE-2019-20651 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2019-20652 LOW

NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wac505_firmware *
CVE-2019-20653 LOW

Certain NETGEAR devices are affected by denial of service. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2019-20654 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2019-20655 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR500 before 2.3.2.56 and XR700 before 1.0.1.20.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear xr700_firmware *
netgear xr500_firmware *
CVE-2019-20656 LOW

Certain NETGEAR devices are affected by a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-798,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear r6230_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear r6700_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2019-20657 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear r6230_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear r6700_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2019-20658 LOW

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear gs808e_firmware *
netgear gs908e_firmware *
netgear gs105pe_firmware *
netgear jgs524e_firmware *
netgear jgs524pe_firmware *
netgear gss108epp_firmware *
netgear xs716e_firmware *
netgear gs108pe_firmware *
netgear fs728tlp_firmware *
netgear gs105e_firmware *
netgear gs408epp_firmware *
netgear gs810emx_firmware *
netgear gs116e_firmware *
netgear xs512em_firmware *
netgear gs108e_firmware *
netgear xs708e_firmware *
netgear gss116e_firmware *
netgear jgs516pe_firmware *
netgear gs110emx_firmware *
netgear xs724em_firmware *
netgear gss108e_firmware *
CVE-2019-20659 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r6900_firmware *
netgear r6400_firmware *
netgear r6700_firmware *
CVE-2019-20660 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2019-20661 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
CVE-2019-20662 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.2 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
CVE-2019-20663 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.2 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
CVE-2019-20664 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2019-20665 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2019-20666 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
CVE-2019-20667 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2019-20668 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2019-20669 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2019-20670 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
CVE-2019-20671 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2019-20672 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
CVE-2019-20673 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2019-20674 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2019-20675 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
CVE-2019-20676 LOW

Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-862,

Products Affected

Vendor Product Version
netgear gs808e_firmware *
netgear gs908e_firmware *
netgear gs105pe_firmware *
netgear jgs524e_firmware *
netgear jgs524pe_firmware *
netgear gss108epp_firmware *
netgear xs716e_firmware *
netgear gs108pe_firmware *
netgear fs728tlp_firmware *
netgear gs105e_firmware *
netgear gs408epp_firmware *
netgear gs810emx_firmware *
netgear gs116e_firmware *
netgear xs512em_firmware *
netgear gs108e_firmware *
netgear xs708e_firmware *
netgear gss116e_firmware *
netgear jgs516pe_firmware *
netgear gs110emx_firmware *
netgear xs724em_firmware *
netgear gss108e_firmware *
netgear gs724tp_firmware *
CVE-2019-20677 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
CVE-2019-20678 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2019-20679 HIGH

NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of access control at the function level.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear mr1100_firmware *
CVE-2019-20680 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000v2 before 1.0.0.53, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.46, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear r7000p_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear r7900_firmware *
netgear r8900_firmware *
netgear r8000p_firmware *
netgear r6220_firmware *
netgear r8500_firmware *
netgear r6800_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2019-20681 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6050 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, and R6900v2 before 1.2.0.36.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear d6200_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6700_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear r6120_firmware *
CVE-2019-20682 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear r6700_firmware *
netgear d6000_firmware *
netgear r6020_firmware *
netgear xr500_firmware *
netgear d6200_firmware *
netgear d3600_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2019-20683 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear r6700_firmware *
netgear d6000_firmware *
netgear r6020_firmware *
netgear xr500_firmware *
netgear d6200_firmware *
netgear d3600_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2019-20684 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear r6700_firmware *
netgear d6000_firmware *
netgear r6020_firmware *
netgear xr500_firmware *
netgear d6200_firmware *
netgear d3600_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2019-20685 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6200 before 1.1.00.32, D7000 before 1.0.1.68, DM200 before 1.0.0.58, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear r6700_firmware *
netgear d6000_firmware *
netgear r6020_firmware *
netgear xr500_firmware *
netgear d6200_firmware *
netgear d3600_firmware *
netgear dm200_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2019-20686 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.40, R6080 before 1.0.0.40, R6050 before 1.0.1.18, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, and WNR2020 before 1.1.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear r6700_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2019-20687 MEDIUM

Certain NETGEAR devices are affected by denial of service. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.70, JR6150 before 1.0.1.18, R6050 before 1.0.1.18, and WNR2020 before 1.1.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear d7000_firmware *
netgear r6050_firmware *
netgear jr6150_firmware *
netgear wnr2020_firmware *
CVE-2019-20688 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear ex6100_firmware *
netgear wndr3700_firmware *
netgear ex8000_firmware *
netgear ex6200_firmware *
netgear wndr4300_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear ex6400_firmware *
netgear ex7300_firmware *
netgear ex6150_firmware *
netgear d3600_firmware *
netgear wn3000rp_firmware *
netgear r8900_firmware *
netgear ex2700_firmware *
netgear wnr2000_firmware *
CVE-2019-20689 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear ex6100_firmware *
netgear wndr3700_firmware *
netgear ex8000_firmware *
netgear ex6200_firmware *
netgear wndr4300_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear ex6400_firmware *
netgear ex7300_firmware *
netgear ex6150_firmware *
netgear wn3000rp_firmware *
netgear r8900_firmware *
netgear ex2700_firmware *
netgear wnr2000_firmware *
CVE-2019-20690 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.30, D7000 before 1.0.1.66, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.68, WNR2020 before 1.1.0.54, and WNR614 before 1.1.0.54.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear d6200_firmware *
netgear d7000_firmware *
netgear r6080_firmware *
netgear wnr614_firmware *
netgear r6220_firmware *
netgear r6020_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2019-20691 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, and WN2500RPv2 before 1.0.1.54.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear ex7000_firmware *
netgear d6000_firmware *
netgear ex3800_firmware *
netgear ex6150_firmware *
netgear ex6120_firmware *
netgear d3600_firmware *
netgear ex3700_firmware *
netgear wn2500rp_firmware *
CVE-2019-20692 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.46, R7300DST before 1.0.0.68, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.122, R8500 before 1.0.2.122, WN2500RPv2 before 1.0.1.54, WNDR3400v3 before 1.0.1.22, and WNR3500Lv2 before 1.2.0.54.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear ex3800_firmware *
netgear r7300dst_firmware *
netgear ex6150_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear ex6120_firmware *
netgear wn2500rp_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear dgn2200_firmware *
netgear r8300_firmware *
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear d8500_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear r7900_firmware *
netgear dgnd2200b_firmware *
netgear r6300_firmware *
netgear r7100lg_firmware *
netgear ex3700_firmware *
netgear r8000p_firmware *
CVE-2019-20693 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2019-20694 MEDIUM

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects GS728TP before 6.0.0.48, GS728TPPv2 before 6.0.0.48, GS728TPv2 before 6.0.0.48, GS752TPP before 6.0.0.48, and GS752TPv2 before 6.0.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear gs728tpp_firmware *
netgear gs752tp_firmware *
netgear gs728tp_firmware *
netgear gs752tpp_firmware *
CVE-2019-20695 MEDIUM

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects SRK60 before 2.3.5.106, SRR60 before 2.3.5.106, and SRS60 before 2.3.5.106.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear srs60_firmware *
netgear srr60_firmware *
netgear srk60_firmware *
CVE-2019-20696 MEDIUM

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before V5.6.8.3 and WAC510 before V5.6.8.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2019-20697 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects GS728TPPv2 before 6.0.0.48, GS728TPv2 before 6.0.0.48, GS750E before 1.0.1.4, GS752TPP before 6.0.0.48, and GS752TPv2 before 6.0.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear gs750e_firmware *
netgear gs728tpp_firmware *
netgear gs752tp_firmware *
netgear gs728tp_firmware *
netgear gs752tpp_firmware *
CVE-2019-20698 LOW

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before 8.0.5.5 and WAC510 before 8.0.5.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2019-20699 HIGH

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, and GSS108EPP before 1.0.0.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear gs808e_firmware *
netgear gs908e_firmware *
netgear gs105pe_firmware *
netgear gss108epp_firmware *
netgear gs105e_firmware *
netgear gss108e_firmware *
netgear gs408epp_firmware *
CVE-2019-20700 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.110, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R8300 before 1.0.2.122, R8500 before 1.0.2.122, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.46, R7300DST before 1.0.0.68, R7900P before 1.3.0.10, R8000P before 1.3.0.10, WN2500RPv2 before 1.0.1.54, WNDR3400v3 before 1.0.1.22, and WNR3500Lv2 before 1.2.0.54.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear ex3800_firmware *
netgear r7300dst_firmware *
netgear ex6150_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear ex6120_firmware *
netgear wn2500rp_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear dgn2200_firmware *
netgear r8300_firmware *
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear d8500_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear r7900_firmware *
netgear dgnd2200b_firmware *
netgear r6300_firmware *
netgear r7100lg_firmware *
netgear ex3700_firmware *
netgear r8000p_firmware *
CVE-2019-20701 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
CVE-2019-20702 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
CVE-2019-20703 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
CVE-2019-20704 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
CVE-2019-20705 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
CVE-2019-20706 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.60 and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7800_firmware *
netgear xr500_firmware *
CVE-2019-20707 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.60 and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7800_firmware *
netgear xr500_firmware *
CVE-2019-20708 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
CVE-2019-20709 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
CVE-2019-20710 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
CVE-2019-20711 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d3600_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
CVE-2019-20712 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.46, R6400v2 before 1.0.2.62, R6700 before 1.0.2.6, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7100LG before 1.0.0.52, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, WNDR3400v3 before 1.0.1.24, and WNR3500Lv2 before 1.2.0.56.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear dgn2200_firmware *
netgear r8300_firmware *
netgear d8500_firmware *
netgear r6700_firmware *
netgear r7900_firmware *
netgear dgnd2200b_firmware *
netgear r6300_firmware *
netgear r7100lg_firmware *
netgear r8000p_firmware *
CVE-2019-20713 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D8500 before 1.0.3.44, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.46, R6700 before 1.0.2.6, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, and R8500 before 1.0.2.128.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6300_firmware *
netgear r6400_firmware *
netgear r7100lg_firmware *
netgear r8000p_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2019-20714 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBS40 before 2.3.0.22, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear d6000_firmware *
netgear r9000_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear d3600_firmware *
netgear dm200_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear wn3000rp_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear rbr20_firmware *
netgear wnr2000_firmware *
CVE-2019-20715 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 before 1.0.0.63, D7800 before 1.0.1.47, DM200 before 1.0.0.61, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, and RBS50 before 2.3.0.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear d3600_firmware *
netgear dm200_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear d6000_firmware *
netgear r7500_firmware *
CVE-2019-20716 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects DGN2200v4 before 1.0.0.110 and DGND2200Bv4 before 1.0.0.109.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear dgnd2200b_firmware *
netgear dgn2200_firmware *
CVE-2019-20717 LOW

Certain NETGEAR devices are affected by denial of service. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, EX2700 before 1.0.1.52, EX6200v2 before 1.0.1.74, EX8000 before 1.0.1.180, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, SRK60 before 2.2.1.210, SRR60 before 2.2.1.210, SRS60 before 2.2.1.210, WN2000RPTv3 before 1.0.1.34, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, and WNDR4500v3 before 1.0.0.58.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear ex8000_firmware *
netgear rbs50_firmware *
netgear ex6200_firmware *
netgear wndr4300_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear d6000_firmware *
netgear srr60_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear srs60_firmware *
netgear d3600_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear wn3000rp_firmware *
netgear r7500_firmware *
netgear ex2700_firmware *
netgear rbr20_firmware *
netgear srk60_firmware *
CVE-2019-20718 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D8500 before 1.0.3.43, R6250 before 1.0.4.34, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R7100LG before 1.0.0.48, R7300DST before 1.0.0.68, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, and R8500 before 1.0.2.128.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d7000_firmware -
netgear r8000_firmware -
netgear r7900p_firmware -
netgear r8500_firmware -
netgear r7100lg_firmware -
netgear r7900_firmware -
netgear r8000p_firmware -
netgear r7300dst_firmware -
netgear d6220_firmware -
netgear r6400_firmware -
netgear r8300_firmware -
netgear d8500_firmware -
netgear r6250_firmware -
netgear d6400_firmware -
CVE-2019-20719 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D8500 before 1.0.3.43, R6250 before 1.0.4.34, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R7000P before 1.4.1.30, R7100LG before 1.0.0.48, R7300DST before 1.0.0.68, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, and R8500 before 1.0.2.128.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear r7100lg_firmware *
netgear r8000p_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r8300_firmware *
CVE-2019-20720 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D7800 before 1.0.1.47, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear d3600_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear wn3000rp_firmware *
netgear r8900_firmware *
netgear d6000_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wn3100rp_firmware *
CVE-2019-20721 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.66, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear wndr4300_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear ex6400_firmware *
netgear ex7300_firmware *
netgear d7800_firmware *
netgear xr450_firmware *
netgear ex6150_firmware *
netgear wn3000rp_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear ex2700_firmware *
netgear wnr2000_firmware *
CVE-2019-20722 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear dm200_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear rbr20_firmware *
netgear wnr2000_firmware *
CVE-2019-20723 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, DM200 before 1.0.0.58, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear ex6100_firmware *
netgear ex8000_firmware *
netgear ex6200_firmware *
netgear wndr4300_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear ex6400_firmware *
netgear ex7300_firmware *
netgear ex6150_firmware *
netgear d3600_firmware *
netgear dm200_firmware *
netgear wn3000rp_firmware *
netgear r8900_firmware *
netgear ex2700_firmware *
netgear wnr2000_firmware *
CVE-2019-20724 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear wndr3700_firmware *
netgear rbs50_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear d3600_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear rbr20_firmware *
netgear wnr2000_firmware *
CVE-2019-20725 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear d3600_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear r8900_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2019-20726 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear d3600_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear r8900_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2019-20727 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2019-20728 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGND2200Bv4 before 1.0.0.102, DM200 before 1.0.0.52, JNDR3000 before 1.0.0.22, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBW30 before 2.1.2.6, R6250 before 1.0.4.26, R6300v2 before 1.0.4.24, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3400v3 before 1.0.1.18, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, WNR2000v5 before 1.0.0.64, and WNR3500Lv2 before 1.2.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear rbs50_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear wndr4300_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear wndr4500_firmware *
netgear rbr50_firmware *
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear dgn2200_firmware *
netgear r8300_firmware *
netgear rbw30_firmware *
netgear d8500_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear r9000_firmware *
netgear r7900_firmware *
netgear d7800_firmware *
netgear rbk50_firmware *
netgear dgnd2200b_firmware *
netgear jndr3000_firmware *
netgear r6300_firmware *
netgear dm200_firmware *
netgear r7100lg_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r8000p_firmware *
netgear wnr2000_firmware *
CVE-2019-20729 LOW

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JNDR3000 before 1.0.0.22, R6250 before 1.0.4.26, R6300v2 before 1.0.4.22, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R6900P before 1.3.1.26, R7000P before 1.3.1.26, R7300DST before 1.0.0.62, R7900 before 1.0.2.16, R8000 before 1.0.4.18, R7900P before 1.4.1.42, R8000P before 1.4.1.42, R8300 before 1.0.2.116, R8500 before 1.0.2.116, WNDR3400v3 before 1.0.1.18, WNDR4500v2 before 1.0.0.68, and WNR3500Lv2 before 1.2.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear wndr4500_firmware *
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear jndr3000_firmware *
netgear r6300_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear r8000p_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2019-20730 HIGH

Certain NETGEAR devices are affected by SQL injection. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6200 before 1.1.00.28, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DC112A before 1.0.0.40, EX8000 before 1.0.0.118, JR6150 before 1.0.1.18, R6050 before 1.0.1.18, R6220 before 1.1.0.66, R6250 before 1.0.4.26, R6300v2 before 1.0.4.24, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6700v2 before 1.2.0.16, R6800 before 1.2.0.16, R6900v2 before 1.2.0.16, R6900 before 1.0.1.44, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7500 before 1.0.0.118, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, R8900 before 1.0.3.6, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear wndr4300_firmware *
netgear r7000p_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear wndr4500_firmware *
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear r8500_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear ex8000_firmware *
netgear r6050_firmware *
netgear d8500_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear dc112a_firmware *
netgear d6000_firmware *
netgear r9000_firmware *
netgear r7900_firmware *
netgear d7800_firmware *
netgear d6200_firmware *
netgear r6300_firmware *
netgear d3600_firmware *
netgear r7100lg_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r8000p_firmware *
netgear r6220_firmware *
CVE-2019-20731 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.20, R6300v2 before 1.0.4.18, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.46, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.34, R7300DST before 1.0.0.62, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, WN2500RPv2 before 1.0.1.54, and WNDR3400v3 before 1.0.1.18.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear ex3800_firmware *
netgear r7300dst_firmware *
netgear ex6150_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear ex6120_firmware *
netgear wn2500rp_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear d8500_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear r6300_firmware *
netgear r7100lg_firmware *
netgear ex3700_firmware *
netgear r8000p_firmware *
CVE-2019-20732 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.40, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGND2200Bv4 before 1.0.0.102, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.20, R6300v2 before 1.0.4.24, R6400 before 1.0.1.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.106, R8500 before 1.0.2.106, WN2500RPv2 before 1.0.1.54, WNDR3400v3 before 1.0.1.18, and WNR3500Lv2 before 1.2.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear r8000_firmware *
netgear ex3800_firmware *
netgear r7300dst_firmware *
netgear ex6150_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear ex6120_firmware *
netgear wn2500rp_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear dgn2200_firmware *
netgear r8300_firmware *
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear d8500_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear r7900_firmware *
netgear dgnd2200b_firmware *
netgear r6300_firmware *
netgear r7100lg_firmware *
netgear ex3700_firmware *
netgear r8000p_firmware *
CVE-2019-20733 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.110, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.46, R7300DST before 1.0.0.68, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.122, R8500 before 1.0.2.122, WN2500RPv2 before 1.0.1.54, WNDR3400v3 before 1.0.1.22, and WNR3500Lv2 before 1.2.0.54.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear ex3800_firmware *
netgear r7300dst_firmware *
netgear ex6150_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear ex6120_firmware *
netgear wn2500rp_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear dgn2200_firmware *
netgear r8300_firmware *
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear d8500_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear r7900_firmware *
netgear dgnd2200b_firmware *
netgear r6300_firmware *
netgear r7100lg_firmware *
netgear ex3700_firmware *
netgear r8000p_firmware *
CVE-2019-20734 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.40, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6300v2 before 1.0.4.18, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6700v3 before 1.0.2.32, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R6900P before 1.0.0.56, R7000P before 1.0.0.56, R7100LG before 1.0.0.42, R7300DST before 1.0.0.54, R7900 before 1.0.1.26, R8300 before 1.0.2.106, R8500 before 1.0.2.106, WN2500RPv2 before 1.0.1.54, and WNR3500Lv2 before 1.2.0.46. NOTE: this may be a result of an incomplete fix for CVE-2017-18864.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear ex3800_firmware *
netgear r7300dst_firmware *
netgear ex6150_firmware *
netgear r6400_firmware *
netgear ex6120_firmware *
netgear wn2500rp_firmware *
netgear r8500_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear d8500_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear r7900_firmware *
netgear r6300_firmware *
netgear r7100lg_firmware *
netgear ex3700_firmware *
CVE-2019-20735 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before V1.0.0.75, D6100 before V1.0.0.63, R7800 before v1.0.2.52, R8900 before v1.0.4.2, R9000 before v1.0.4.2, RBK50 before v2.3.0.32, RBR50 before v2.3.0.32, RBS50 before v2.3.0.32, WNDR3700v4 before V1.0.2.102, WNDR4300v1 before V1.0.2.104, WNDR4300v2 before v1.0.0.58, WNDR4500v3 before v1.0.0.58, WNR2000v5 before v1.0.0.68, and XR500 before V2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear rbs50_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear d3600_firmware *
netgear r8900_firmware *
netgear wnr2000_firmware *
CVE-2019-20736 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6000 before 1.0.0.72, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear r8900_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2019-20737 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.106, DGND2200Bv4 before 1.0.0.106, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6400 before 1.0.1.42, R6700 before 1.0.1.46, R6700v3 before 1.0.2.52, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.122, R8500 before 1.0.2.122, WN2500RPv2 before 1.0.1.54, WNDR3400v3 before 1.0.1.24, and WNR3500Lv2 before 1.2.0.54.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear wnr3500l_firmware *
netgear d6400_firmware *
netgear ex3800_firmware *
netgear ex6150_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear ex6120_firmware *
netgear wn2500rp_firmware *
netgear r8500_firmware *
netgear dgn2200_firmware *
netgear r8300_firmware *
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear d8500_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear dgnd2200b_firmware *
netgear ex3700_firmware *
netgear r8000p_firmware *
CVE-2019-20738 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.34, JNR1010v2 before 1.1.0.50, JWNR2010v5 before 1.1.0.50, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6100 before 1.0.1.16, R6120 before 1.0.0.40, R6700v2 before 1.2.0.14, R6800 before 1.2.0.14, R6900v2 before 1.2.0.14, R7500v2 before 1.0.3.26, R7800 before 1.0.2.46, R9000 before 1.0.4.2, WN3000RPv2 before 1.0.0.52, WN3000RPv3 before 1.0.2.78, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.50, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.50, and WNR2050 before 1.1.0.50. NOTE: this may be a result of an incomplete fix for CVE-2017-18866.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear rbs50_firmware *
netgear wnr2050_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear wnr1000_firmware *
netgear wndr4300_firmware *
netgear r6100_firmware *
netgear d6100_firmware *
netgear r6020_firmware *
netgear wndr4500_firmware *
netgear rbr50_firmware *
netgear jwnr2010_firmware *
netgear r6800_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear jnr1010_firmware *
netgear r9000_firmware *
netgear d7800_firmware *
netgear rbk50_firmware *
netgear wn3000rp_firmware *
netgear r7500_firmware *
netgear wnr2020_firmware *
netgear wnr2000_firmware *
netgear r6120_firmware *
CVE-2019-20739 MEDIUM

NETGEAR R8500 devices before v1.0.2.128 are affected by a buffer overflow by an unauthenticated attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r8500_firmware *
CVE-2019-20740 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, R7300 before 1.0.0.70, R8300 before 1.0.2.130, and R8500 before 1.0.2.130.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear dgnd2200b_firmware *
netgear r7300_firmware *
netgear r8500_firmware *
netgear dgn2200_firmware *
netgear r8300_firmware *
CVE-2019-20741 MEDIUM

NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wac510_firmware *
CVE-2019-20742 LOW

NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.2 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.1 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear wac510_firmware *
CVE-2019-20743 LOW

NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.2 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.1 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear wac510_firmware *
CVE-2019-20744 LOW

NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wac510_firmware *
CVE-2019-20745 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.10.2 and WAC510 before 5.0.10.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear wac505_firmware *
netgear wac510_firmware *
CVE-2019-20746 LOW

Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear d6000_firmware *
netgear r9000_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear d3600_firmware *
netgear dm200_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear wn3000rp_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr20_firmware *
netgear wnr2000_firmware *
CVE-2019-20747 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.40, R7500v2 before 1.0.3.34, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.3.16, RAX120 before 1.0.0.74, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBK40 before 2.3.0.22, RBS40 before 2.3.0.22, SRK60 before 2.2.0.64, SRR60 before 2.2.0.64, SRS60 before 2.2.0.64, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5 before 1.0.0.66.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear wndr3700_firmware *
netgear rbs50_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear srr60_firmware *
netgear r9000_firmware *
netgear wndr4500_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear srs60_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear rbk40_firmware *
netgear rbr20_firmware *
netgear srk60_firmware *
netgear wnr2000_firmware *
CVE-2019-20748 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, and RBS50 before 2.3.0.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear r7500_firmware *
netgear rbk40_firmware *
netgear rbr20_firmware *
CVE-2019-20749 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear ex6100_firmware *
netgear d7800_firmware *
netgear ex6150_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear wn3000rp_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wn3100rp_firmware *
CVE-2019-20750 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX6150v2 before 1.0.1.76, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear ex6100_firmware *
netgear d7800_firmware *
netgear ex6150_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear wn3000rp_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
netgear wn3100rp_firmware *
CVE-2019-20751 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, DM200 before 1.0.0.61, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.26, R9000 before 1.0.4.26, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear ex6100_firmware *
netgear ex8000_firmware *
netgear ex6200_firmware *
netgear wndr4300_firmware *
netgear wn2000rpt_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear r9000_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear ex6150_firmware *
netgear dm200_firmware *
netgear wn3000rp_firmware *
netgear r8900_firmware *
netgear ex2700_firmware *
netgear wnr2000_firmware *
CVE-2019-20752 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear wndr4300_firmware *
netgear r7800_firmware *
netgear d6000_firmware *
netgear r9000_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear d3600_firmware *
netgear dm200_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear wn3000rp_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr20_firmware *
netgear wnr2000_firmware *
CVE-2019-20753 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects DGN2200v1 before 1.0.0.58, D8500 before 1.0.3.42, D7000v2 before 1.0.0.51, D6400 before 1.0.0.78, D6220 before 1.0.0.44, JNDR3000 before 1.0.0.24, R8000 before 1.0.4.18, R8500 before 1.0.2.122, R8300 before 1.0.2.122, R7900 before 1.0.2.16, R7000P before 1.3.2.34, R7300DST before 1.0.0.68, R7100LG before 1.0.0.46, R6900P before 1.3.2.34, R7000 before 1.0.9.28, R6900 before 1.0.1.46, R6700 before 1.0.1.46, R6400v2 before 1.0.2.56, R6400 before 1.0.1.42, R6300v2 before 1.0.4.28, R6250 before 1.0.4.26, WNDR3400v3 before 1.0.1.22, WNDR4500v2 before 1.0.0.72, and WNR3500Lv2 before 1.2.0.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear d8500_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear wndr4500_firmware *
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear jndr3000_firmware *
netgear r6300_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear dgn2200_firmware *
netgear r8300_firmware *
CVE-2019-20754 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects DGN2200 before 1.0.0.58, DGN2200B before 1.0.0.58, D8500 before 1.0.3.42, D7000v2 before 1.0.0.51, D6400 before 1.0.0.80, D6220 before 1.0.0.44, EX7000 before 1.0.0.66, EX6200 before 1.0.3.88, EX6150 before 1.0.0.42, EX7500 before 1.0.0.46, JNDR3000 before 1.0.0.24, R8000 before 1.0.4.18, R8500 before 1.0.2.122, R8300 before 1.0.2.122, R7900P before 1.4.0.10, R8000P before 1.4.0.10, R7900 before 1.0.2.16, R7000P before 1.3.1.44, R7300DST before 1.0.0.68, R7100LG before 1.0.0.46, R6900P before 1.3.1.44, R7000 before 1.0.9.32, R6900 before 1.0.1.46, R6700 before 1.0.1.46, R6400v2 before 1.0.2.56, R6400 before 1.0.1.42, R6300v2 before 1.0.4.28, R6250 before 1.0.4.26, WNDR4500v2 before 1.0.0.72, and WNR3500Lv2 before 1.2.0.54.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear wndr4500_firmware *
netgear r7300dst_firmware *
netgear ex6150_firmware *
netgear ex7500_firmware *
netgear r6400_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear dgn2200_firmware *
netgear dgn2200b_firmware *
netgear r8300_firmware *
netgear ex6200_firmware *
netgear d8500_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear r7900_firmware *
netgear jndr3000_firmware *
netgear r6300_firmware *
netgear r7100lg_firmware *
netgear r8000p_firmware *
CVE-2019-20755 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6220 before 1.0.0.46, D6400 before 1.0.0.80, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v1 before 1.0.0.58, DGN2200B before 1.0.0.58, JNDR3000 before 1.0.0.24, RBW30 before 2.1.4.16, R6250 before 1.0.4.26, R6300v2 before 1.0.4.28, R6400 before 1.0.1.42, R6400v2 before 1.0.2.56, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.32, R6900P before 1.3.1.44, R7100LG before 1.0.0.46, R7300DST before 1.0.0.68, R7000P before 1.3.1.44, R7900 before 1.0.2.16, R8000P before 1.4.0.10, R7900P before 1.4.0.10, R8300 before 1.0.2.122, R8500 before 1.0.2.122, R8000 before 1.0.4.18, WNDR3400v3 before 1.0.1.22, WNDR4500v2 before 1.0.0.72, WNR3500Lv2 before 1.2.0.54, WN3100RP before 1.0.0.20, and WN2500RPv2 before 1.0.1.54.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear wn3100rp_firmware *
netgear wndr4500_firmware *
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear wn2500rp_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear dgn2200_firmware *
netgear dgn2200b_firmware *
netgear r8300_firmware *
netgear rbw30_firmware *
netgear d8500_firmware *
netgear r6700_firmware *
netgear r7900_firmware *
netgear jndr3000_firmware *
netgear r6300_firmware *
netgear r7100lg_firmware *
netgear r8000p_firmware *
CVE-2019-20756 MEDIUM

Certain NETGEAR devices are affected by reflected XSS. This affects EX7000 before 1.0.0.64, EX6200 before 1.0.3.86, EX6150 before 1.0.0.38, EX6130 before 1.0.0.22, EX6120 before 1.0.0.40, EX6100 before 1.0.2.22, EX6000 before 1.0.0.30, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, R8300 before 1.0.2.94, R7300DST before 1.0.0.62, R7000P before 1.3.0.20, R6900P before 1.3.0.20, R6400 before 1.0.1.32, R6300v2 before 1.0.4.24, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.18, and WN2500RPv2 before 1.0.1.52.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear r7000p_firmware *
netgear ex7000_firmware *
netgear ex3800_firmware *
netgear r7300dst_firmware *
netgear ex6150_firmware *
netgear r6300_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear ex6120_firmware *
netgear ex3700_firmware *
netgear wn2500rp_firmware *
netgear r8500_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2019-20757 MEDIUM

NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2019-20758 MEDIUM

NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r7000_firmware *
CVE-2019-20759 LOW

NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.2 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.1 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r9000_firmware *
CVE-2019-20760 MEDIUM

NETGEAR R9000 devices before 1.0.4.26 are affected by authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r9000_firmware *
CVE-2019-20761 MEDIUM

NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2019-20762 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D8500 before 1.0.3.43, R8500 before 1.0.2.128, R8300 before 1.0.2.128, R8000 before 1.0.4.28, R7300DST before 1.0.0.68, R7100LG before 1.0.0.48, R6900P before 1.3.1.44, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R7000P before 1.3.1.44, R7000 before 1.0.9.34, R6900 before 1.0.2.4, R6700 before 1.0.2.6, and R6400 before 1.0.1.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear r7100lg_firmware *
netgear r8000p_firmware *
netgear r8500_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2019-20763 MEDIUM

NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2019-20764 MEDIUM

NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2019-20765 MEDIUM

NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2019-20766 MEDIUM

NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2019-20767 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before 1.0.0.58, WNDR4300 before 1.0.2.104, WNDR3700v4 before 1.0.2.102, and WNR2000v5 before 1.0.0.66.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear wndr4300_firmware *
netgear d3600_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear r8900_firmware *
netgear d6000_firmware *
netgear r9000_firmware *
netgear wnr2000_firmware *
netgear wndr4500_firmware *
CVE-2019-5016 MEDIUM

An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
netgear r7900_firmware 1.0.3.810.037
netgear r8000_firmware 1.0.4.28_10.1.54
kcodes netusb.ko 1.0.2.69
kcodes netusb.ko 1.0.2.66
CVE-2019-5017 MEDIUM

An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
netgear r8000_firmware 1.0.4.28_10.1.54
kcodes netusb.ko 1.0.2.66
CVE-2019-5054 MEDIUM

An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
netgear wnr2000_firmware 1.0.0.70
CVE-2019-5055 MEDIUM

An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
netgear wnr2000_firmware 1.0.0.70
CVE-2020-10923 HIGH

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-305,

Products Affected

Vendor Product Version
netgear r6700_firmware 1.0.4.84_10.0.58
CVE-2020-10924 HIGH

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9643.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,

Products Affected

Vendor Product Version
netgear r6700_firmware 1.0.4.84_10.0.58
CVE-2020-10925 HIGH

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-295,

Products Affected

Vendor Product Version
netgear r6700_firmware 1.0.4.84_10.0.58
CVE-2020-10926 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of the firmware image prior to performing an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9648.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-494,

Products Affected

Vendor Product Version
netgear r6700_firmware 1.0.4.84_10.0.58
CVE-2020-10927 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the encryption of firmware update images. The issue results from the use of an inappropriate encryption algorithm. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9649.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-327,CWE-327,

Products Affected

Vendor Product Version
netgear r6700_firmware 1.0.4.84_10.0.58
CVE-2020-10928 MEDIUM

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9767.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,

Products Affected

Vendor Product Version
netgear r6700_firmware 1.0.4.84_10.0.58
CVE-2020-10929 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9768.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-680,CWE-190,

Products Affected

Vendor Product Version
netgear r6700_firmware 1.0.4.84_10.0.58
CVE-2020-10930 LOW

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue results from the lack of proper routing of URLs. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-9618.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear r6700_firmware 1.0.4.84_10.0.58
CVE-2020-11549 HIGH

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
netgear srr60_firmware 2.5.1.106
netgear srs60_firmware 2.5.1.106
netgear rbs50y_firmware 2.5.1.106
CVE-2020-11550 LOW

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear srr60_firmware 2.5.1.106
netgear srs60_firmware 2.5.1.106
netgear rbs50y_firmware 2.5.1.106
CVE-2020-11551 MEDIUM

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi configuration data such as authentication details (e.g., the Web-admin password), network settings, DNS settings, system administration interface configuration, etc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-330,

Products Affected

Vendor Product Version
netgear srr60_firmware 2.5.1.106
netgear srs60_firmware 2.5.1.106
netgear rbs50y_firmware 2.5.1.106
CVE-2020-11768 LOW

Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-11769 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-11770 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, R6220 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.64, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6700v3 before 1.0.2.66, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7800 before 1.0.2.60, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear r8500_firmware *
netgear r6800_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear d8500_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear r7900_firmware *
netgear r7100lg_firmware *
netgear r8900_firmware *
netgear r8000p_firmware *
netgear r6220_firmware *
CVE-2020-11771 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-11772 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-11773 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-11774 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-11775 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-11776 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-11777 LOW

Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-11778 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-11779 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-11780 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-11781 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-11782 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-11783 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-11784 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-11785 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-11786 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-11787 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-11788 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.68, PR2000 before 1.0.0.28, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, and R6900v2 before 1.2.0.36.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear r6230_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6700_firmware *
netgear d6200_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear r6120_firmware *
CVE-2020-11789 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r6900_firmware *
netgear r6400_firmware *
netgear r6700_firmware *
CVE-2020-11790 HIGH

NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2020-11791 MEDIUM

NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear jgs516pe_firmware *
CVE-2020-11792 MEDIUM

NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
netgear xr700_firmware -
netgear r9000_firmware -
netgear r8900_firmware -
netgear rax120_firmware -
CVE-2020-12695 HIGH

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H 2.2 4.7

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
epson xp-330 -
hp envy_5548_k7g87a -
hp deskjet_ink_advantage_4535_f0v64a -
hp envy_5642_b9s64a -
hp officejet_4656_k9v81b -
hp deskjet_ink_advantage_4675_f1h97c -
hp envy_4504_c8d04a -
hp hp_envy_4525_k9t09b -
hp envy_5640_b9s56a -
hp hp_officejet_4654_f1j07b -
hp envy_photo_7822_y0g42d -
hp envy_4524_k9t01a -
epson xp-4100 -
hp deskjet_ink_advantage_3545_a9t81c -
epson xp-2105 -
hp hp_deskjet_ink_advantage_4535_f0v64c -
epson m571t -
hp hp_deskjet_ink_advantage_4535_f0v64a -
hp deskjet_ink_advantage_4678_f1h99b -
hp envy_pro_6420_5se45b -
hp envy_4500_a9t80a -
fedoraproject fedora 32
hp envy_6020_5se17a -
hp deskjet_ink_advantage_4535_f0v64b -
hp envy_4521_k9t10b -
hp envy_5000_z4a74a -
epson xp-320 -
hp envy_4520_f0v69a -
hp envy_photo_6252_k7g22a -
huawei hg255s -
epson xp-2101 -
hp envy_5539 -
epson xp-8600 -
hp envy_4508_e6g72b -
hp envy_5543_n9u88a -
microsoft windows_10 -
broadcom adsl -
hp deskjet_ink_advantage_4518 -
netgear wnhde111 -
hp envy_5535 -
hp envy_pro_6420_5se46a -
epson xp-440 -
hp hp_deskjet_ink_advantage_4678_f1h99b -
hp envy_5541_k7g89a -
hp deskjet_ink_advantage_4538_f0v66b -
hp envy_photo_7800_y0g52b -
hp hp_officejet_4655_k9v79a -
asus rt-n11 -
epson xp-8500 -
hp envy_4520_f0v63a -
hp officejet_4655_k9v82b -
hp hp_officejet_4658_v6d30b -
hp envy_5536 -
hp envy_photo_6234_k7s21b -
hp envy_4526_k9t05b -
hp hp_envy_4526_k9t05b -
hp envy_100_cn519b -
hp envy_photo_7100_k7g99a -
hp deskjet_ink_advantage_3545_a9t83b -
huawei hg532e -
hp envy_111_cq810a -
hp hp_envy_4524_f0v72b -
canon selphy_cp1200 -
hp envy_photo_7155_z3m52a -
hp envy_110_cq809c -
hp envy_5531 -
hp hp_envy_4524_k9t01a -
hp envy_110_cq812c -
hp envy_5000_m2u91a *
hp hp_envy_4511_k9h50a -
hp hp_envy_4520_f0v63b -
zte zxv10_w300 -
hp envy_photo_7800_k7r96a -
hp hp_envy_4527_j6u61b -
hp envy_5540_g0v52a -
hp envy_4520_e6g67b -
hp envy_photo_6200_k7s21b -
hp deskjet_ink_advantage_4675_f1h97a -
hp envy_4523_j6u60b -
hp envy_photo_6222_y0k14d -
hp 5020_z4a69a -
hp 5030_z4a70a -
hp envy_5000_m2u91a -
hp hp_envy_4522_f0v67a -
zyxel vmg8324-b10a -
hp envy_photo_6220_k7g20d -
hp envy_5544_k7c89a -
hp envy_photo_7822_y0g43d -
hp hp_envy_4524_f0v71b -
hp hp_deskjet_ink_advantage_4538_f0v66b -
hp hp_officejet_4650_f1h96a -
epson xp-620 -
epson xp-970 -
hp hp_envy_4523_j6u60b -
hp envy_5545_g0v50a -
epson xp-340 -
hp deskjet_ink_advantage_3548_a9t81b -
hp envy_photo_6200_y0k15a -
hp envy_5000_m2u85b -
hp hp_officejet_4657_v6d29b -
hp envy_4500_d3p93a -
hp hp_deskjet_ink_advantage_4535_f0v64b -
hp envy_photo_6232_k7g26b -
hp envy_4504_a9t88b -
cisco wap351 -
hp officejet_4655_f1j00a -
hp deskjet_ink_advantage_4515 -
hp deskjet_ink_advantage_5575_g0v48b -
hp officejet_4654_f1j07b -
canonical ubuntu_linux 20.04
hp officejet_4655_k9v79a -
cisco wap150 -
hp envy_photo_7100_3xd89a -
hp hp_deskjet_ink_advantage_4675_f1h97b -
hp officejet_4652_k9v84b -
hp envy_photo_7120_z3m41d -
hp envy_114_cq811a -
hp envy_7640 -
hp envy_7644_e4w46a -
hp envy_5542_k7c88a -
hp envy_4513_k9h51a -
hp hp_officejet_4655_k9v82b -
hp envy_4520_f0v63b -
hp envy_4501_c8d05a -
hp envy_4511_k9h50a -
hp envy_5640_b9s58a -
hp hp_deskjet_ink_advantage_4676_f1h98a -
hp officejet_4652_f1j05b -
hp deskjet_ink_advantage_4675_f1h97b -
hp officejet_4650_e6g87a -
hp envy_5544_k7c93a -
epson xp-100 -
hp envy_5000_z4a54a -
microsoft xbox_one 10.0.19041.2494
hp envy_4502_a9t87b -
hp deskjet_ink_advantage_3545_a9t81a -
debian debian_linux 10.0
hp envy_5664_f8b08a -
hp envy_4522_f0v67a -
hp envy_4502_a9t85a -
hp envy_6540_b9s59a -
hp hp_envy_4521_k9t10b -
hp envy_5532 -
epson xp-702 -
hp envy_photo_6200_y0k13d_ -
hp envy_photo_7100_z3m52a -
hp envy_4500_a9t80b -
hp envy_120_cz022c -
dlink dvg-n5412sp -
hp 5030_m2u92b -
hp deskjet_ink_advantage_5575_g0v48c -
debian debian_linux 9.0
epson ew-m970a3t -
hp envy_5643_b9s63a -
hp hp_envy_4520_f0v69a -
hp envy_5540_g0v47a -
hp officejet_4650_f1h96a -
hp envy_pro_6420_6wd16a -
hp officejet_4657_v6d29b -
hp hp_envy_4528_k9t08b -
ui unifi_controller -
hp envy_120_cz022a -
hp envy_pro_6455_5se45a -
hp hp_deskjet_ink_advantage_4675_f1h97a -
hp officejet_4654_f1j06b -
hp envy_photo_7800_k7s00a -
hp envy_6055_5se16a -
dell b1165nfw -
hp hp_envy_4520_f0v63a -
hp envy_4524_f0v71b -
hp envy_6020_6wd35a -
epson xp-241 -
hp envy_114_cq812a -
hp envy_5540_k7c85a -
hp envy_photo_6220_k7g21b -
epson ep-101 -
cisco wap131 -
hp envy_5000_m2u94b -
hp envy_photo_7830_y0g50b -
hp hp_officejet_4654_f1j06b -
hp envy_6052_5se18a -
hp hp_officejet_4652_f1j02a -
fedoraproject fedora 31
hp envy_photo_7164_k7g99a -
hp envy_photo_6200_k7g18a -
hp envy_5540_g0v51a -
hp envy_5646_f8b05a -
hp envy_4520_e6g67a -
hp hp_officejet_4655_f1j00a -
nec wr8165n -
hp hp_envy_4513_k9h51a -
hp 5660_f8b04a -
hp envy_100_cn517c -
hp envy_pro_6420_6wd14a -
hp envy_5644_b9s65a -
hp envy_6020_7cz37a -
hp envy_114_cq811b -
hp deskjet_ink_advantage_4536_f0v65a -
hp envy_4509_d3p94b -
hp envy_photo_6222_y0k13d -
hp envy_110_cq809a -
hp envy_4525_k9t09b -
hp envy_4503_e6g71b -
hp envy_5665_f8b06a -
w1.fi hostapd *
hp hp_officejet_4650_e6g87a -
hp envy_100_cn517b -
zyxel amg1202-t10b -
hp officejet_4650_f1h96b -
hp envy_100_cn519a -
hp envy_4505_a9t86a -
hp envy_5020_m2u91b -
hp envy_photo_6230_k7g25b -
hp envy_120_cz022b -
hp envy_4507_e6g70b -
hp hp_envy_4516_k9h52a -
hp 5034_z4a74a -
hp deskjet_ink_advantage_3546_a9t82a -
hp envy_4516_k9h52a -
hp envy_5534 -
hp hp_officejet_4652_f1j05b -
hp envy_4500_a9t89a -
hp envy_110_cq809d -
hp envy_photo_6200_k7g26b -
hp envy_photo_7800_y0g42d -
hp envy_4509_d3p94a -
hp envy_5540_g0v53a -
hp envy_100_cn518a -
hp deskjet_ink_advantage_3456_a9t84c -
hp envy_5547_j6u64a -
hp hp_officejet_4650_f1h96b -
hp hp_officejet_4656_k9v81b -
hp envy_pro_6452_5se47a -
hp envy_5000_m2u85a -
hp envy_4524_f0v72b -
ruckussecurity zonedirector_1200 -
hp hp_deskjet_ink_advantage_4536_f0v65a -
hp envy_photo_7800_k7s10d -
hp envy_4528_k9t08b -
hp envy_100_cn517a -
hp envy_4512_k9h49a -
hp deskjet_ink_advantage_4676_f1h98a -
hp hp_envy_4512_k9h49a -
hp officejet_4652_f1j02a -
hp hp_officejet_4652_k9v84b -
hp officejet_4658_v6d30b -
hp deskjet_ink_advantage_4535_f0v64c -
hp envy_5546_k7c90a -
hp hp_envy_4520_e6g67a -
hp envy_5530 -
hp envy_photo_7100_z3m37a -
hp hp_deskjet_ink_advantage_4675_f1h97c -
hp hp_envy_4520_e6g67b -
hp envy_5540_f2e72a -
hp envy_6020_5se16b -
epson xp-4105 -
hp envy_photo_7100_k7g93a -
hp envy_7645_e4w44a -
hp envy_110_cq809b -
hp envy_4527_j6u61b -
epson xp-630 -
tp-link archer_c50 -
epson xp-960 -
CVE-2020-13245 MEDIUM

Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
netgear r7000p_firmware *
netgear r7800_firmware *
netgear xr300_firmware *
netgear r8000_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear r6350_firmware *
netgear r6850_firmware *
netgear r6400_firmware *
netgear r6220_firmware *
netgear r6800_firmware *
netgear rbr20_firmware *
netgear r6120_firmware *
CVE-2020-14426 LOW

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, RBK842 before 3.2.10.11, RBR840 before 3.2.10.11, and RBS840 before 3.2.10.11.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
CVE-2020-14427 LOW

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
CVE-2020-14428 LOW

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
CVE-2020-14429 MEDIUM

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear mr60_firmware *
netgear ms60_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
netgear mk63_firmware *
netgear mk62_firmware *
CVE-2020-14430 LOW

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
CVE-2020-14431 LOW

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
CVE-2020-14432 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
CVE-2020-14433 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK842 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, and RBS750 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
CVE-2020-14434 HIGH

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, and RBS840 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
CVE-2020-14435 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.2.104, SRS60 before 2.5.2.104, SRR60 before 2.5.2.104, SRK60B03 before 2.5.2.104, SRK60B04 before 2.5.2.104, SRK60B05 before 2.5.2.104, and SRK60B06 before 2.5.2.104.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear srk60b03_firmware *
netgear srs60_firmware *
netgear srk60b06_firmware *
netgear srk60b05_firmware *
netgear srk60b04_firmware *
netgear srr60_firmware *
netgear srk60_firmware *
CVE-2020-14436 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, and RBS840 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
CVE-2020-14437 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
CVE-2020-14438 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
CVE-2020-14439 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
CVE-2020-14440 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
CVE-2020-14441 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
CVE-2020-14442 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
CVE-2020-15416 HIGH

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9703.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,

Products Affected

Vendor Product Version
netgear r6700_firmware 1.0.4.84_10.0.58
CVE-2020-15417 MEDIUM

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted gui_region in a string table file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9756.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,

Products Affected

Vendor Product Version
netgear r6700_firmware 1.0.4.84_10.0.58
CVE-2020-15634 MEDIUM

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9755.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134,

Products Affected

Vendor Product Version
netgear r6700_firmware *
CVE-2020-15635 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acsd service, which listens on TCP port 5916 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9853.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,

Products Affected

Vendor Product Version
netgear r6700_firmware *
CVE-2020-15636 HIGH

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the check_ra service. A crafted raePolicyVersion in a RAE_Policy.json file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9852.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,

Products Affected

Vendor Product Version
netgear r6700_firmware *
CVE-2020-17409 LOW

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-288,

Products Affected

Vendor Product Version
netgear r6350_firmware *
netgear r6260_firmware *
netgear r6230_firmware *
netgear r6850_firmware *
netgear r6330_firmware *
netgear r6080_firmware *
netgear jnr3210_firmware -
netgear r6220_firmware *
netgear r6020_firmware *
netgear wnr2020_firmware -
netgear r6120_firmware *
CVE-2020-25067 MEDIUM

NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r8300_firmware *
CVE-2020-26897 HIGH

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 2.8 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2020-26898 HIGH

NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 2.8 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear rax40_firmware *
CVE-2020-26899 LOW

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 2.8 6.0
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2020-26900 LOW

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 2.8 6.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2020-26901 LOW

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 2.8 6.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2020-26902 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 2.8 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2020-26903 LOW

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 2.8 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2020-26904 LOW

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 2.8 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2020-26905 LOW

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 2.8 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2020-26906 HIGH

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2020-26907 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
CVE-2020-26908 HIGH

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6050 before 1.0.1.22, JR6150 before 1.0.1.22, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R69002 before 1.2.0.62, and WNR2020 before 1.1.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 3.9 5.5

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear r6230_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear r6700v2_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2020-26909 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.58 and R7500v2 before 1.0.3.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7500v2_firmware *
CVE-2020-26910 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2020-26911 MEDIUM

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 2.8 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear r6900v2_firmware *
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear r6700v2_firmware *
netgear r7450_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2020-26912 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N 1.2 5.8
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear r6900v2_firmware *
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear r6700v2_firmware *
netgear r7450_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2020-26913 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.60, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, SRK60 before 2.2.2.20, SRR60 before 2.2.2.20, SRS60 before 2.2.2.20, WN3000RPv2 before 1.0.0.78, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.70, XR450 before 2.3.2.40, and XR500 before 2.3.2.40.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear xr500_firmware *
netgear srr60_firmware *
netgear r9000_firmware *
netgear wnr2000v5_firmware *
netgear rbr50_firmware *
netgear xr450_firmware *
netgear rbk50_firmware *
netgear srs60_firmware *
netgear wndr4300v2_firmware *
netgear wndr4500v3_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear wn3000rpv2_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr20_firmware *
netgear srk60_firmware *
CVE-2020-26914 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
cve@mitre.org 6.7 MEDIUM CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L 1.2 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r6900v2_firmware *
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear r6700v2_firmware *
netgear r7450_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2020-26915 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-26916 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.50, and WNR2020 before 1.1.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 2.8 2.5
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear r6900v2_firmware *
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear r6700v2_firmware *
netgear r7450_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2020-26917 LOW

Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R8300 before 1.0.2.128, and R8500 before 1.0.2.128.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L 0.7 3.4
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear ex7000_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6400v2_firmware *
netgear r8300_firmware *
CVE-2020-26918 LOW

Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R8300 before 1.0.2.128, and R8500 before 1.0.2.128.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 4.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L 0.7 3.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear ex7000_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6400v2_firmware *
netgear r6700v3_firmware *
netgear r8300_firmware *
CVE-2020-26919 HIGH

NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear jgs516pe_firmware *
CVE-2020-26920 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.3.110, SRR60 before 2.5.3.110, and SRS60 before 2.5.3.110.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear srs60_firmware *
netgear srr60_firmware *
netgear srk60_firmware *
CVE-2020-26921 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H 2.8 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear xs512em_firmware *
netgear gs110emx_firmware *
netgear xs724em_firmware *
netgear gs810emx_firmware *
CVE-2020-26922 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
cve@mitre.org 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear wc7600_firmware *
netgear wc7500_firmware *
netgear wc9500_firmware *
netgear wc7600v2_firmware *
CVE-2020-26923 LOW

Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.2 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear wc7600_firmware *
netgear wc7500_firmware *
netgear wc9500_firmware *
netgear wc7600v2_firmware *
CVE-2020-26924 LOW

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 before 3.9.1.13 and WAC730 before 3.9.1.13.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
cve@mitre.org 3.1 LOW CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wac730_firmware *
netgear wac720_firmware *
CVE-2020-26925 LOW

NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.2 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L 1.5 1.4
cve@mitre.org 3.2 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L 1.5 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear gs808e_firmware *
CVE-2020-26926 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2020-26927 HIGH

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.66, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H 3.9 5.5

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear ac2100_firmware *
netgear r7450_firmware *
netgear r6700_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear ac2600_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2020-26928 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2020-26929 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.3 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.1 5.2
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r6230_firmware *
netgear r6220_firmware *
CVE-2020-26930 MEDIUM

NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.8 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 1.2 2.5
cve@mitre.org 3.3 LOW CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N 0.7 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1188,

Products Affected

Vendor Product Version
netgear ex7700_firmware *
CVE-2020-26931 LOW

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
cve@mitre.org 5.9 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N 1.6 4.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wc7600_firmware *
netgear wc7500_firmware *
netgear wc9500_firmware *
CVE-2020-27861 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbk43_router_firmware *
netgear rbs50_firmware *
netgear rbk50v_firmware *
netgear rbk40_satellite_firmware *
netgear rbs10_firmware *
netgear rbk23_satellite_firmware *
netgear rbk30_firmware *
netgear rbk44_router_firmware *
netgear rbk44_satellite_firmware *
netgear rbk22_satellite_firmware *
netgear rbr50_firmware *
netgear rbk23w_firmware *
netgear rbk13_firmware *
netgear rbk52w_firmware *
netgear rbk23_router_firmware *
netgear rbk20w_firmware *
netgear rbs20_firmware *
netgear rbk12_firmware *
netgear cbk43_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
netgear cbr40_firmware *
netgear ex8000_firmware *
netgear rbk14_firmware *
netgear rbk22_router_firmware *
netgear cbk40_firmware *
netgear ex6200_firmware *
netgear rbk20_router_firmware *
netgear rbk43_satellite_firmware *
netgear rbk43s_satellite_firmware *
netgear rbk20_satellite_firmware *
netgear rbk40_router_firmware *
netgear rbk50_firmware *
netgear rbk33_firmware *
netgear rbk43s_router_firmware *
netgear ex7700_firmware *
netgear rbk15_firmware *
CVE-2020-27866 HIGH

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-288,CWE-287,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear r6230_firmware *
netgear r6330_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r7400_firmware *
netgear ac2100_firmware *
netgear r7450_firmware *
netgear r6700_firmware *
netgear r6020_firmware *
netgear r6350_firmware *
netgear r7350_firmware *
netgear r7200_firmware *
netgear r6850_firmware *
netgear ac2600_firmware *
netgear r6220_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear r6120_firmware *
CVE-2020-27867 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,CWE-77,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear r6230_firmware *
netgear r6330_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r7400_firmware *
netgear ac2100_firmware *
netgear r7450_firmware *
netgear r6700_firmware *
netgear r6020_firmware *
netgear r6350_firmware *
netgear r7350_firmware *
netgear r7200_firmware *
netgear r6850_firmware *
netgear ac2600_firmware *
netgear r6220_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear r6120_firmware *
CVE-2020-27872 MEDIUM

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-642,CWE-668,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear r6230_firmware *
netgear r6330_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r7400_firmware *
netgear ac2100_firmware *
netgear r7450_firmware *
netgear r6700_firmware *
netgear r6020_firmware *
netgear r6350_firmware *
netgear r7350_firmware *
netgear r7200_firmware *
netgear r6850_firmware *
netgear ac2600_firmware *
netgear r6220_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear r6120_firmware *
CVE-2020-27873 LOW

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-284,CWE-863,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear r6230_firmware *
netgear r6330_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r7400_firmware *
netgear ac2100_firmware *
netgear r7450_firmware *
netgear r6700_firmware *
netgear r6020_firmware *
netgear r6350_firmware *
netgear r7350_firmware *
netgear r7200_firmware *
netgear r6850_firmware *
netgear ac2600_firmware *
netgear r6220_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear r6120_firmware *
CVE-2020-28041 MEDIUM

The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
netgear nighthawk_r7000_firmware 1.0.9.64_10.2.64
CVE-2020-28373 HIGH

upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r8000_firmware 1.0.4.62
netgear rax20_firmware 1.0.2.64
netgear r7000p_firmware 1.3.2.126_10.1.66
netgear r7850_firmware 1.0.5.64
netgear r7300dst_firmware 1.0.0.74
netgear r6400v2_firmware 1.0.4.102_10.0.75
netgear rax80_firmware 1.0.3.102
netgear r6400_firmware 1.0.1.62_1.0.41
netgear r7900_firmware 1.0.4.30
netgear r6250_firmware 1.0.4.44
netgear xr300_firmware 1.0.3.50_10.3.36
netgear r8300_firmware 1.0.2.136
netgear r8500_firmware 1.0.2.136
CVE-2020-35221 LOW

The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-326,

Products Affected

Vendor Product Version
netgear jgs516pe_firmware 2.6.0.43
netgear gs116e_firmware 2.6.0.43
CVE-2020-35223 MEDIUM

The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear jgs516pe_firmware 2.6.0.43
netgear gs116e_firmware 2.6.0.43
CVE-2020-35224 MEDIUM

A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear jgs516pe_firmware 2.6.0.43
netgear gs116e_firmware 2.6.0.43
CVE-2020-35225 MEDIUM

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear jgs516pe_firmware 2.6.0.43
netgear gs116e_firmware 2.6.0.43
CVE-2020-35226 MEDIUM

NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
netgear jgs516pe_firmware 2.6.0.43
netgear gs116e_firmware 2.6.0.43
CVE-2020-35227 MEDIUM

A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear jgs516pe_firmware 2.6.0.43
netgear gs116e_firmware 2.6.0.43
CVE-2020-35228 LOW

A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear jgs516pe_firmware 2.6.0.43
netgear gs116e_firmware 2.6.0.43
CVE-2020-35229 MEDIUM

The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
netgear jgs516pe_firmware 2.6.0.43
netgear gs116e_firmware 2.6.0.43
CVE-2020-35230 MEDIUM

Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
netgear jgs516pe_firmware 2.6.0.43
netgear gs116e_firmware 2.6.0.43
CVE-2020-35231 HIGH

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear jgs516pe_firmware 2.6.0.43
netgear gs116e_firmware 2.6.0.43
CVE-2020-35233 MEDIUM

The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
netgear jgs516pe_firmware 2.6.0.43
netgear gs116e_firmware 2.6.0.43
CVE-2020-35777 HIGH

NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear dgn2200v1_firmware *
CVE-2020-35778 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear gs724t_firmware *
netgear gs716t_firmware *
CVE-2020-35779 HIGH

NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0
cve@mitre.org 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H 2.2 4.7

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear nms300_firmware *
CVE-2020-35780 MEDIUM

NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 2.8 4.2
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear nms300_firmware *
CVE-2020-35781 MEDIUM

NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
cve@mitre.org 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H 2.8 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear nms300_firmware *
CVE-2020-35782 HIGH

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 2.8 5.2
cve@mitre.org 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear gs116e_firmware *
netgear jgs524e_firmware *
netgear jgs516pe_firmware *
netgear jgs524pe_firmware *
CVE-2020-35783 MEDIUM

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear gs116e_firmware *
netgear jgs524e_firmware *
netgear jgs516pe_firmware *
netgear jgs524pe_firmware *
CVE-2020-35784 MEDIUM

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
cve@mitre.org 6.2 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L 0.7 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear gs116e_firmware *
netgear jgs524e_firmware *
netgear jgs516pe_firmware *
netgear jgs524pe_firmware *
CVE-2020-35785 MEDIUM

NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.3 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 1.6 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear dgn2200_firmware *
CVE-2020-35786 LOW

NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.9 3.6
cve@mitre.org 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r7800_firmware *
CVE-2020-35787 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9
cve@mitre.org 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r7000_firmware *
netgear r7000p_firmware *
netgear r6020_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear r6900p_firmware *
netgear ex8000_firmware *
netgear ex6200_firmware *
netgear r6050_firmware *
netgear ex7000_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear d6200_firmware *
netgear r6300_firmware *
netgear d3600_firmware *
netgear r8900_firmware *
netgear r6220_firmware *
netgear r6120_firmware *
CVE-2020-35788 MEDIUM

NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 7.6 HIGH CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 1.0 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear wac104_firmware *
CVE-2020-35789 MEDIUM

NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-78,

Products Affected

Vendor Product Version
netgear nms300_firmware *
CVE-2020-35790 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L 0.9 5.5
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear r8900_firmware *
netgear r9000_firmware *
CVE-2020-35791 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.68, R8900 before 1.0.5.2, and R9000 before 1.0.5.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7800_firmware *
netgear r8900_firmware *
netgear r9000_firmware *
CVE-2020-35792 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7500v2 before 1.0.3.48, R8900 before 1.0.5.2, R9000 before 1.0.5.2, and R7800 before 1.0.2.68.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7800_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
CVE-2020-35793 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.2, and R9000 before 1.0.5.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L 0.6 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r9000_firmware *
CVE-2020-35794 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbs40v_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2020-35795 HIGH

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RS400 before 1.5.0.48, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r6230_firmware *
netgear r7850_firmware *
netgear r6900_firmware *
netgear r7400_firmware *
netgear r7000_firmware *
netgear rax20_firmware *
netgear r7450_firmware *
netgear r8000_firmware *
netgear rbs10_firmware *
netgear eax20_firmware *
netgear r6400v2_firmware *
netgear rax200_firmware *
netgear rax120_firmware *
netgear r6350_firmware *
netgear rbr50_firmware *
netgear rax75_firmware *
netgear r7200_firmware *
netgear ms60_firmware *
netgear r6400_firmware *
netgear rax15_firmware *
netgear rbk12_firmware *
netgear xr700_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear r6800_firmware *
netgear r6900p_firmware *
netgear rbr20_firmware *
netgear rax80_firmware *
netgear cbk40_firmware *
netgear r6330_firmware *
netgear r6700v2_firmware *
netgear r7800_firmware *
netgear xr300_firmware *
netgear r7900_firmware *
netgear d7800_firmware *
netgear rs400_firmware *
netgear rbk20_firmware *
netgear r8900_firmware *
netgear eax80_firmware *
netgear r6120_firmware *
netgear rbs40_firmware *
netgear r6260_firmware *
netgear rbs50_firmware *
netgear r7900p_firmware *
netgear r7000p_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rax50_firmware *
netgear xr450_firmware *
netgear r6850_firmware *
netgear rbk752_firmware *
netgear ex7500_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbs20_firmware *
netgear rbk40_firmware *
netgear ac2400_firmware *
netgear rax45_firmware *
netgear cbr40_firmware *
netgear r6900v2_firmware *
netgear ac2100_firmware *
netgear r6700_firmware *
netgear rbs750_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear r6700v3_firmware *
netgear rbk50_firmware *
netgear r7350_firmware *
netgear ac2600_firmware *
netgear mr60_firmware *
netgear r7960p_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
netgear r6220_firmware *
netgear mk62_firmware *
CVE-2020-35796 HIGH

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100 before 1.0.2.28, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150 before 1.0.0.46, EX6200 before 1.0.3.94, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6250 before 1.0.4.42, R6300v2 before 1.0.4.42, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6700 before 1.0.2.16, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V-200 before 1.0.0.46, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3500RP before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear wnr1000v3_firmware *
netgear r7850_firmware *
netgear d7000v2_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear rax20_firmware *
netgear ex6920_firmware *
netgear r8000_firmware *
netgear eax20_firmware *
netgear r6400v2_firmware *
netgear rax200_firmware *
netgear wndr3400v3_firmware *
netgear wn3500rp_firmware *
netgear rax75_firmware *
netgear ex6150_firmware *
netgear ms60_firmware *
netgear r6400_firmware *
netgear rax15_firmware *
netgear ex6120_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear rax80_firmware *
netgear rbw30_firmware *
netgear d8500_firmware *
netgear xr300_firmware *
netgear r7900_firmware *
netgear rbs40v-200_firmware *
netgear rs400_firmware *
netgear ex3700_firmware *
netgear eax80_firmware *
netgear wnr3500lv2_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear dgn2200v4_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear d6400_firmware *
netgear rbr750_firmware *
netgear wn2500rpv2_firmware *
netgear ex3800_firmware *
netgear wnr2000v2_firmware *
netgear rax50_firmware *
netgear rbk752_firmware *
netgear ex7500_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear ex3920_firmware *
netgear cbr40_firmware *
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear dc112a_firmware *
netgear rbs750_firmware *
netgear rx45_firmware *
netgear r6700v3_firmware *
netgear r6300v2_firmware *
netgear mr60_firmware *
netgear r7960p_firmware *
netgear r7100lg_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
netgear mk62_firmware *
CVE-2020-35797 HIGH

NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
netgear nms300_firmware *
CVE-2020-35798 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7960P before 1.4.1.50, R8000 before 1.0.4.52, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.1.12, RAX45 before 1.0.2.66, RAX50 before 1.0.2.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RS400 before 1.5.0.48, and XR300 before 1.0.3.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7850_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear r7000p_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear r6400v2_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear rax15_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear r6900p_firmware *
netgear rax45_firmware *
netgear rax80_firmware *
netgear r7800_firmware *
netgear xr300_firmware *
netgear rbs750_firmware *
netgear r6700v3_firmware *
netgear r7900_firmware *
netgear r7960p_firmware *
netgear rs400_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
CVE-2020-35799 HIGH

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.78, D6200 before 1.1.00.32, D7000 before 1.0.1.68, D7800 before 1.0.1.56, DM200 before 1.0.0.61, EX2700 before 1.0.1.52, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.74, EX6400 before 1.0.2.140, EX7300 before 1.0.2.140, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7500v2 before 1.0.3.40, R7800 before 1.0.2.62, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN2000RPTv3 before 1.0.1.34, WN3000RPv2 before 1.0.0.78, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r6260_firmware *
netgear rbs50_firmware *
netgear r6230_firmware *
netgear d7000_firmware *
netgear r6080_firmware *
netgear wn2000rptv3_firmware *
netgear wn3000rpv3_firmware *
netgear r6020_firmware *
netgear ex7300_firmware *
netgear rbr50_firmware *
netgear xr450_firmware 2.3.2.32
netgear rbs20_firmware *
netgear wn3000rpv2_firmware *
netgear rbk40_firmware *
netgear ex2700_firmware *
netgear rbr40_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear rbr20_firmware *
netgear r6900v2_firmware *
netgear ex6150v2_firmware *
netgear ex8000_firmware *
netgear r7500v2_firmware *
netgear r6050_firmware *
netgear r6700v2_firmware *
netgear r7800_firmware *
netgear wn3100rpv2_firmware *
netgear xr500_firmware 2.3.2.32
netgear d6000_firmware *
netgear r9000_firmware *
netgear ex6400_firmware *
netgear wnr2000v5_firmware *
netgear d7800_firmware *
netgear rbk50_firmware *
netgear ex6200v2_firmware *
netgear d6200_firmware *
netgear d3600_firmware *
netgear dm200_firmware *
netgear rbk20_firmware *
netgear ex6100v2_firmware *
netgear r8900_firmware *
netgear r6220_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2020-35800 HIGH

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 3.9 5.5
cve@mitre.org 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 3.9 5.5

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wnr1000v3_firmware *
netgear r6900_firmware *
netgear r7400_firmware *
netgear rax20_firmware *
netgear r7450_firmware *
netgear ex6920_firmware *
netgear r8000_firmware *
netgear rbs10_firmware *
netgear eax20_firmware *
netgear rax200_firmware *
netgear wndr3400v3_firmware *
netgear rax120_firmware *
netgear rax75_firmware *
netgear r7200_firmware *
netgear ex2700_firmware *
netgear rbr10_firmware *
netgear r6250_firmware *
netgear rbr20_firmware *
netgear ex3110_firmware *
netgear rax80_firmware *
netgear cbk40_firmware *
netgear r6330_firmware *
netgear r6700v1_firmware *
netgear r6700v2_firmware *
netgear d8500_firmware *
netgear ex6150v1_firmware *
netgear rax40_firmware *
netgear d7800_firmware *
netgear rbk20_firmware *
netgear r8900_firmware *
netgear eax80_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear dgn2200v4_firmware *
netgear rbk852_firmware *
netgear rbr750_firmware *
netgear ex3800_firmware *
netgear wnr2000v2_firmware *
netgear ex7300v2_firmware *
netgear xr450_firmware *
netgear rbk752_firmware *
netgear rbs840_firmware *
netgear rbs50y_firmware *
netgear rax45_firmware *
netgear r6900v2_firmware *
netgear ex6150v2_firmware *
netgear ex6410_firmware *
netgear ex6130_firmware *
netgear ex7000_firmware *
netgear ac2100_firmware *
netgear rbs40v_firmware *
netgear xr500_firmware *
netgear r6700v3_firmware *
netgear r6300v2_firmware *
netgear mr60_firmware *
netgear r7960p_firmware *
netgear dm200_firmware *
netgear r7100lg_firmware *
netgear ex6100v2_firmware *
netgear mk62_firmware *
netgear r6230_firmware *
netgear r7850_firmware *
netgear d7000v2_firmware *
netgear r7000_firmware *
netgear wn3000rpv3_firmware *
netgear r6400v2_firmware *
netgear ex7300_firmware *
netgear r6350_firmware *
netgear ex6200v1_firmware *
netgear rbr50_firmware *
netgear ms60_firmware *
netgear rax15_firmware *
netgear ex6120_firmware *
netgear rbk12_firmware *
netgear xr700_firmware *
netgear r8500_firmware *
netgear rbr40_firmware *
netgear r6800_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear ex6400v2_firmware *
netgear ex8000_firmware *
netgear r7500v2_firmware *
netgear rbw30_firmware *
netgear r7800_firmware *
netgear xr300_firmware *
netgear d6000_firmware *
netgear ex6400_firmware *
netgear r7900_firmware *
netgear rbs40v-200_firmware *
netgear rax35_firmware *
netgear rs400_firmware *
netgear ex3700_firmware *
netgear ex7320_firmware *
netgear r6120_firmware *
netgear rbs40_firmware *
netgear r6260_firmware *
netgear rbs50_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear d6400_firmware *
netgear wn2500rpv2_firmware *
netgear r6400v1_firmware *
netgear rax50_firmware *
netgear r6850_firmware *
netgear ex7500_firmware *
netgear rbk842_firmware *
netgear rbs20_firmware *
netgear wn3500rpv1_firmware *
netgear rbk40_firmware *
netgear ac2400_firmware *
netgear ex3920_firmware *
netgear ex6110_firmware *
netgear cbr40_firmware *
netgear ex6000_firmware *
netgear dc112a_firmware *
netgear ex6250_firmware *
netgear rbs750_firmware *
netgear r9000_firmware *
netgear rbk50_firmware *
netgear r7350_firmware *
netgear ac2600_firmware *
netgear ex7700_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
netgear r6220_firmware *
CVE-2020-35801 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.1 5.2
cve@mitre.org 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H 2.8 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear gs116e_firmware *
netgear jgs524e_firmware *
netgear jgs516pe_firmware *
netgear jgs524pe_firmware *
CVE-2020-35802 MEDIUM

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.14, RBW30 before 2.6.1.4, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, and RBS40V before 2.6.1.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rax80_firmware *
netgear rbw30_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbs840v_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbs850_firmware *
CVE-2020-35803 LOW

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.46, R6080 before 1.0.0.46, R6120 before 1.0.0.72, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.74, R6800 before 1.2.0.74, R6900v2 before 1.2.0.74, R7450 before 1.2.0.74, AC2100 before 1.2.0.74, AC2400 before 1.2.0.74, and AC2600 before 1.2.0.74.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
cve@mitre.org 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6900v2_firmware *
netgear r6260_firmware *
netgear r6230_firmware *
netgear d7000_firmware *
netgear r6080_firmware *
netgear r6700v2_firmware *
netgear ac2100_firmware *
netgear r7450_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear ac2600_firmware *
netgear r6220_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear r6120_firmware *
CVE-2020-35804 LOW

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D7800 before 1.0.1.58, R7800 before 1.0.2.74, R8900 before 1.0.5.18, R9000 before 1.0.5.18, and XR700 before 1.0.1.34.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6
cve@mitre.org 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r9000_firmware *
CVE-2020-35805 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-35806 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear wn3000rpv2_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbk22_firmware *
netgear rbr20_firmware *
CVE-2020-35807 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear wn3000rpv2_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbk22_firmware *
netgear rbr20_firmware *
CVE-2020-35808 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.63, DM200 before 1.0.0.61, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.68, and WNR2000v5 before 1.0.0.66.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 4.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear wnr2000v5_firmware *
netgear dm200_firmware *
netgear r7800_firmware *
netgear d6100_firmware *
netgear wn3000rpv2_firmware *
netgear r8900_firmware *
netgear r9000_firmware *
CVE-2020-35809 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-35810 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-35811 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-35812 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-35813 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, XR700 before 1.0.1.10, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, and RAX120 before 1.0.0.78.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-35814 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-35815 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr20_firmware *
CVE-2020-35816 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-35817 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-35818 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-35819 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-35820 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-35821 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-35822 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-35823 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-35824 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-35825 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-35826 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-35827 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-35828 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, RAX120 before 1.0.0.78, and R7500v2 before 1.0.3.46.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-35829 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-35830 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-35831 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 1.7 5.8
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-35832 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-35833 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r7500v2_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2020-35834 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7500v2_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-35835 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7500v2_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-35836 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7500v2_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-35837 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7500v2_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-35838 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7500v2_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-35839 LOW

Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 1.7 5.8
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7500v2_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2020-35840 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.9 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N 1.7 4.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear jnr1010v2_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear wnr1000v4_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear wnr2020_firmware *
netgear jwnr2010v5_firmware *
netgear r6120_firmware *
CVE-2020-35841 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N 2.3 4.7
cve@mitre.org 6.9 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N 1.7 4.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r6900v2_firmware *
netgear r6260_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear r6700v2_firmware *
netgear jnr1010v2_firmware *
netgear r7450_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear wnr1000v4_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear wnr2020_firmware *
netgear jwnr2010v5_firmware *
netgear r6120_firmware *
CVE-2020-35842 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.9 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N 1.7 4.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear jnr1010v2_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear wnr1000v4_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear wnr2020_firmware *
netgear jwnr2010v5_firmware *
netgear r6120_firmware *
CVE-2020-5621 MEDIUM

Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear gs724tv3_firmware *
netgear gs716tv2_firmware *
CVE-2020-5641 MEDIUM

Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear gs108ev3_firmware *
CVE-2021-20166 MEDIUM

Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear rax43_firmware 1.0.3.96
CVE-2021-20167 HIGH

Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rax43_firmware 1.0.3.96
CVE-2021-20168 HIGH

Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default credentials are admin:admin.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear rax43_firmware 1.0.3.96
CVE-2021-20169 HIGH

Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-319,

Products Affected

Vendor Product Version
netgear rax43_firmware 1.0.3.96
CVE-2021-20170 MEDIUM

Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
netgear rax43_firmware 1.0.3.96
CVE-2021-20171 LOW

Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-312,

Products Affected

Vendor Product Version
netgear rax43_firmware 1.0.3.96
CVE-2021-20172 HIGH

All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. The installer of the macOS version of Netgear Genie handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which the software is going to be installed may overwrite certain files to obtain privilege escalation to root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
netgear genie_installer -
CVE-2021-20173 MEDIUM

Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r6700_firmware 1.0.4.120
CVE-2021-20174 MEDIUM

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface. By default, all communication to/from the device's web interface is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
netgear r6700_firmware 1.0.4.120
CVE-2021-20175 MEDIUM

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface (port 5000) is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
netgear r6700_firmware 1.0.4.120
CVE-2021-23147 HIGH

Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection and execute commands as the root user without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear r6700_firmware 1.0.4.120
CVE-2021-27239 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r7850_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear d6400_firmware *
netgear rbr750_firmware *
netgear rax200_firmware *
netgear rax75_firmware *
netgear ex7500_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear rax80_firmware *
netgear d8500_firmware *
netgear ex7000_firmware *
netgear rbs40v_firmware *
netgear xr300_firmware *
netgear r6700_firmware *
netgear dc112a_firmware *
netgear rbs750_firmware *
netgear r7900_firmware *
netgear r6300_firmware *
netgear r7960p_firmware *
netgear rs400_firmware *
netgear r7100lg_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
CVE-2021-27251 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-319,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear rbk44_firmware *
netgear lbr20_firmware *
netgear rbk23_firmware *
netgear rbs10_firmware *
netgear ex7300_firmware *
netgear ex7300v2_firmware *
netgear br200_firmware *
netgear ex6420_firmware *
netgear rbr50_firmware *
netgear xr450_firmware *
netgear rbk13_firmware *
netgear ex6150_firmware *
netgear rbs20_firmware *
netgear rbk12_firmware *
netgear xr700_firmware *
netgear rbk40_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
netgear br500_firmware *
netgear ex6400v2_firmware *
netgear ex6410_firmware *
netgear ex8000_firmware *
netgear rbk14_firmware *
netgear r7800_firmware *
netgear rbk43s_firmware *
netgear ex6250_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rbk53_firmware *
netgear ex6400_firmware *
netgear rbk43_firmware *
netgear d7800_firmware *
netgear rbk50_firmware *
netgear rbk20_firmware *
netgear ex7700_firmware *
netgear ex6100v2_firmware *
netgear r8900_firmware *
netgear ex7320_firmware *
netgear rbk15_firmware *
CVE-2021-27252 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear rbk44_firmware *
netgear lbr20_firmware *
netgear rbk23_firmware *
netgear rbs10_firmware *
netgear ex7300_firmware *
netgear ex7300v2_firmware *
netgear br200_firmware *
netgear ex6420_firmware *
netgear rbr50_firmware *
netgear xr450_firmware *
netgear rbk13_firmware *
netgear ex6150_firmware *
netgear rbs20_firmware *
netgear rbk12_firmware *
netgear xr700_firmware *
netgear rbk40_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
netgear br500_firmware *
netgear ex6400v2_firmware *
netgear ex6410_firmware *
netgear ex8000_firmware *
netgear rbk14_firmware *
netgear r7800_firmware *
netgear rbk43s_firmware *
netgear ex6250_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rbk53_firmware *
netgear ex6400_firmware *
netgear rbk43_firmware *
netgear d7800_firmware *
netgear rbk50_firmware *
netgear rbk20_firmware *
netgear ex7700_firmware *
netgear ex6100v2_firmware *
netgear r8900_firmware *
netgear ex7320_firmware *
netgear rbk15_firmware *
CVE-2021-27253 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear rbk44_firmware *
netgear lbr20_firmware *
netgear rbk23_firmware *
netgear rbs10_firmware *
netgear ex7300_firmware *
netgear ex7300v2_firmware *
netgear br200_firmware *
netgear ex6420_firmware *
netgear rbr50_firmware *
netgear xr450_firmware *
netgear rbk13_firmware *
netgear ex6150_firmware *
netgear rbs20_firmware *
netgear rbk12_firmware *
netgear xr700_firmware *
netgear rbk40_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
netgear br500_firmware *
netgear ex6400v2_firmware *
netgear ex6410_firmware *
netgear ex8000_firmware *
netgear rbk14_firmware *
netgear r7800_firmware *
netgear rbk43s_firmware *
netgear ex6250_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rbk53_firmware *
netgear ex6400_firmware *
netgear rbk43_firmware *
netgear d7800_firmware *
netgear rbk50_firmware *
netgear rbk20_firmware *
netgear ex7700_firmware *
netgear ex6100v2_firmware *
netgear r8900_firmware *
netgear ex7320_firmware *
netgear rbk15_firmware *
CVE-2021-27254 HIGH

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-259,CWE-798,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear rbk44_firmware *
netgear lbr20_firmware *
netgear rbk23_firmware *
netgear rbs10_firmware *
netgear ex7300_firmware *
netgear ex7300v2_firmware *
netgear br200_firmware *
netgear ex6420_firmware *
netgear rbr50_firmware *
netgear xr450_firmware *
netgear rbk13_firmware *
netgear rbs20_firmware *
netgear rbk12_firmware *
netgear xr700_firmware *
netgear rbk40_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
netgear br500_firmware *
netgear ex6150v2_firmware *
netgear ex6400v2_firmware *
netgear ex6410_firmware *
netgear ex8000_firmware *
netgear rbk14_firmware *
netgear r7800_firmware *
netgear rbk43s_firmware *
netgear ex6250_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rbk53_firmware *
netgear ex6400_firmware *
netgear rbk43_firmware *
netgear d7800_firmware *
netgear rbk50_firmware *
netgear rbk20_firmware *
netgear ex7700_firmware *
netgear ex6100v2_firmware *
netgear r8900_firmware *
netgear ex7320_firmware *
netgear rbk15_firmware *
CVE-2021-27255 HIGH

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear rbk44_firmware *
netgear lbr20_firmware *
netgear rbk23_firmware *
netgear rbs10_firmware *
netgear ex7300_firmware *
netgear ex7300v2_firmware *
netgear br200_firmware *
netgear ex6420_firmware *
netgear rbr50_firmware *
netgear xr450_firmware *
netgear rbk13_firmware *
netgear rbs20_firmware *
netgear rbk12_firmware *
netgear xr700_firmware *
netgear rbk40_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
netgear br500_firmware *
netgear ex6150v2_firmware *
netgear ex6400v2_firmware *
netgear ex6410_firmware *
netgear ex8000_firmware *
netgear rbk14_firmware *
netgear r7800_firmware *
netgear rbk43s_firmware *
netgear ex6250_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rbk53_firmware *
netgear ex6400_firmware *
netgear rbk43_firmware *
netgear d7800_firmware *
netgear rbk50_firmware *
netgear rbk20_firmware *
netgear ex7700_firmware *
netgear ex6100v2_firmware *
netgear r8900_firmware *
netgear ex7320_firmware *
netgear rbk15_firmware *
CVE-2021-27256 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear rbk44_firmware *
netgear lbr20_firmware *
netgear rbk23_firmware *
netgear rbs10_firmware *
netgear ex7300_firmware *
netgear ex7300v2_firmware *
netgear br200_firmware *
netgear ex6420_firmware *
netgear rbr50_firmware *
netgear xr450_firmware *
netgear rbk13_firmware *
netgear rbs20_firmware *
netgear rbk12_firmware *
netgear xr700_firmware *
netgear rbk40_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
netgear br500_firmware *
netgear ex6150v2_firmware *
netgear ex6400v2_firmware *
netgear ex6410_firmware *
netgear ex8000_firmware *
netgear rbk14_firmware *
netgear r7800_firmware *
netgear rbk43s_firmware *
netgear ex6250_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rbk53_firmware *
netgear ex6400_firmware *
netgear rbk43_firmware *
netgear d7800_firmware *
netgear rbk50_firmware *
netgear rbk20_firmware *
netgear ex7700_firmware *
netgear ex6100v2_firmware *
netgear r8900_firmware *
netgear ex7320_firmware *
netgear rbk15_firmware *
CVE-2021-27257 LOW

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-295,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear rbk44_firmware *
netgear lbr20_firmware *
netgear rbk23_firmware *
netgear rbs10_firmware *
netgear ex7300_firmware *
netgear ex7300v2_firmware *
netgear br200_firmware *
netgear ex6420_firmware *
netgear rbr50_firmware *
netgear xr450_firmware *
netgear rbk13_firmware *
netgear rbs20_firmware *
netgear rbk12_firmware *
netgear xr700_firmware *
netgear rbk40_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
netgear br500_firmware *
netgear ex6150v2_firmware *
netgear ex6400v2_firmware *
netgear ex6410_firmware *
netgear ex8000_firmware *
netgear rbk14_firmware *
netgear r7800_firmware *
netgear rbk43s_firmware *
netgear ex6250_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rbk53_firmware *
netgear ex6400_firmware *
netgear rbk43_firmware *
netgear d7800_firmware *
netgear rbk50_firmware *
netgear rbk20_firmware *
netgear ex7700_firmware *
netgear ex6100v2_firmware *
netgear r8900_firmware *
netgear ex7320_firmware *
netgear rbk15_firmware *
CVE-2021-27272 HIGH

This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ReportTemplateController class. When parsing the path parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12123.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 2.8 4.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
netgear prosafe_network_management_system 1.6.0.26
CVE-2021-27273 HIGH

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SettingConfigController class. When parsing the fileName parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12121.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear prosafe_network_management_system 1.6.0.26
CVE-2021-27274 HIGH

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12124.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
netgear prosafe_network_management_system 1.6.0.26
CVE-2021-27275 MEDIUM

This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ConfigFileController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information or to create a denial-of-service condition on the system. Was ZDI-CAN-12125.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H 2.8 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
netgear prosafe_network_management_system 1.6.0.26
CVE-2021-27276 MEDIUM

This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the MibController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12122.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
netgear prosafe_network_management_system 1.6.0.26
CVE-2021-29065 HIGH

NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbr850_firmware *
CVE-2021-29066 HIGH

Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbk853_firmware *
netgear rbk854_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
CVE-2021-29067 HIGH

Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbw30_firmware *
netgear rbs40v_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk754_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbk854_firmware *
netgear rbs850_firmware *
CVE-2021-29068 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear mk60_firmware *
netgear r6230_firmware *
netgear r7850_firmware *
netgear r6900_firmware *
netgear r7400_firmware *
netgear r7000_firmware *
netgear rax20_firmware *
netgear rbk23_firmware *
netgear r7450_firmware *
netgear r8000_firmware *
netgear rbs10_firmware *
netgear eax20_firmware *
netgear rax200_firmware *
netgear rax120_firmware *
netgear r6350_firmware *
netgear rbr50_firmware *
netgear rax75_firmware *
netgear r7200_firmware *
netgear ms60_firmware *
netgear r6400_firmware *
netgear rax15_firmware *
netgear rbk12_firmware *
netgear xr700_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear r6800_firmware *
netgear r6900p_firmware *
netgear rbr20_firmware *
netgear rax80_firmware *
netgear r6330_firmware *
netgear r7800_firmware *
netgear xr300_firmware *
netgear rbk754_firmware *
netgear r7900_firmware *
netgear d7800_firmware *
netgear rs400_firmware *
netgear rbk854_firmware *
netgear r8900_firmware *
netgear eax80_firmware *
netgear r6120_firmware *
netgear rbk15_firmware *
netgear rbs40_firmware *
netgear r6260_firmware *
netgear rbs50_firmware *
netgear r7900p_firmware *
netgear r7000p_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rax50_firmware *
netgear xr450_firmware *
netgear rbk13_firmware *
netgear r6850_firmware *
netgear rbk752_firmware *
netgear ex7500_firmware *
netgear rbk842_firmware *
netgear rbs840_firmware *
netgear rbk853_firmware *
netgear rbs20_firmware *
netgear rbk40_firmware *
netgear ac2400_firmware *
netgear rax45_firmware *
netgear cbr40_firmware *
netgear rbk14_firmware *
netgear ac2100_firmware *
netgear r6700_firmware *
netgear rbs750_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rbk753s_firmware *
netgear rbk50_firmware *
netgear r7350_firmware *
netgear ac2600_firmware *
netgear mr60_firmware *
netgear r7960p_firmware *
netgear rbk753_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
netgear r6220_firmware *
CVE-2021-29069 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.3 HIGH CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H 0.7 6.0
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear wnr2000v5_firmware *
netgear xr450_firmware *
netgear xr500_firmware *
CVE-2021-29070 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk853_firmware *
netgear rbk854_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
CVE-2021-29071 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBR752 before 3.2.17.12, RBR753 before 3.2.17.12, RBR753S before 3.2.17.12, RBR754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbr753s_firmware *
netgear rbk853_firmware *
netgear rbr753_firmware *
netgear rbr754_firmware *
netgear rbk854_firmware *
netgear rbk852_firmware *
netgear rbr752_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-29072 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk853_firmware *
netgear rbk854_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
CVE-2021-29073 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8000P before 1.4.1.66, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, R7960P before 1.4.1.66, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, and RAX200 before 1.0.3.106.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
cve@mitre.org 7.6 HIGH CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 1.0 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear rax80_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear mr60_firmware *
netgear ms60_firmware *
netgear rax15_firmware *
netgear r7960p_firmware *
netgear r8000p_firmware *
netgear rax45_firmware *
netgear mk62_firmware *
CVE-2021-29074 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear rbw30_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk754_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbk854_firmware *
netgear rbs850_firmware *
CVE-2021-29075 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear rbw30_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk754_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbk854_firmware *
netgear rbs850_firmware *
CVE-2021-29076 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk853_firmware *
netgear rbk854_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
CVE-2021-29077 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbw30_firmware *
netgear rbs40v_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk754_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbk854_firmware *
netgear rbs850_firmware *
CVE-2021-29078 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbk854_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk754_firmware *
netgear rbk753s_firmware *
CVE-2021-29079 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk853_firmware *
netgear rbk854_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
CVE-2021-29080 MEDIUM

Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR854 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, R7000 before 1.0.11.116, R6900P before 1.3.2.126, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, and R7000P before 1.3.2.126.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 2.8 5.2
cve@mitre.org 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-640,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rax80_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear r7000p_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear r7900_firmware *
netgear rax75_firmware *
netgear rbr854_firmware *
netgear r7960p_firmware *
netgear rbk853_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
netgear r6900p_firmware *
CVE-2021-29081 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear rbw30_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk754_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbk854_firmware *
netgear rbs850_firmware *
CVE-2021-29082 LOW

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30 before 2.6.1.4, RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBK754 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK854 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L 2.8 5.3
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 2.8 6.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbw30_firmware *
netgear rbs40v_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk754_firmware *
netgear rbk753s_firmware *
netgear rbk752_firmware *
netgear rbk753_firmware *
netgear rbk853_firmware *
netgear rbk854_firmware *
netgear rbs850_firmware *
CVE-2021-31802 HIGH

NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r7000_firmware *
CVE-2021-32122 MEDIUM

Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.1 5.9
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
netgear ex6120_firmware *
netgear ex6130_firmware *
netgear ex3700_firmware *
netgear ex3800_firmware *
CVE-2021-33514 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTP_USER_AGENT;' with an OS command in the User-Agent field. This affects GC108P before 1.0.7.3, GC108PP before 1.0.7.3, GS108Tv3 before 7.0.6.3, GS110TPPv1 before 7.0.6.3, GS110TPv3 before 7.0.6.3, GS110TUPv1 before 1.0.4.3, GS710TUPv1 before 1.0.4.3, GS716TP before 1.0.2.3, GS716TPP before 1.0.2.3, GS724TPPv1 before 2.0.4.3, GS724TPv2 before 2.0.4.3, GS728TPPv2 before 6.0.6.3, GS728TPv2 before 6.0.6.3, GS752TPPv1 before 6.0.6.3, GS752TPv2 before 6.0.6.3, MS510TXM before 1.0.2.3, and MS510TXUP before 1.0.2.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear gs724tpp_firmware *
netgear gs728tpp_firmware *
netgear gs752tp_firmware *
netgear gs716tp_firmware *
netgear ms510txm_firmware *
netgear gs110tpp_firmware *
netgear gc108pp_firmware *
netgear gs110tup_firmware *
netgear gs752tpp_firmware *
netgear ms510txup_firmware *
netgear gs710tup_firmware *
netgear gs110tp_firmware *
netgear gs728tp_firmware *
netgear gs716tpp_firmware *
netgear gs108t_firmware *
netgear gc108p_firmware *
netgear gs724tp_firmware *
CVE-2021-34236

Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows remote attackers to execute arbitrary code or cause a denial-of-service by sending a crafted POST to '/bd_genie_create_account.cgi' with a sufficiently long parameter 'register_country'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear r8000_firmware 1.0.4.56
CVE-2021-34865 HIGH

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-697,

Products Affected

Vendor Product Version
netgear r6900v2_firmware *
netgear r6260_firmware *
netgear r6230_firmware *
netgear r6330_firmware *
netgear r6700v2_firmware *
netgear r7400_firmware *
netgear ac2100_firmware *
netgear r7450_firmware *
netgear r6350_firmware *
netgear r7350_firmware *
netgear r7200_firmware *
netgear r6850_firmware *
netgear ac2600_firmware *
netgear r6220_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear d7000v1_firmware *
CVE-2021-34870 LOW

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue results from a lack of authentication required for a privileged request. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13325.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-306,

Products Affected

Vendor Product Version
netgear xr1000 1.0.0.52_1.0.38
CVE-2021-34947

NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13055.

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r6700ax_firmware *
netgear rbs50_firmware *
netgear lbr20_firmware *
netgear rax10_firmware *
netgear rbs10_firmware *
netgear ex6500v1_firmware *
netgear rax78_firmware *
netgear rax120_firmware *
netgear ex7300_firmware *
netgear ex7300v2_firmware *
netgear ex6420_firmware *
netgear rbr50_firmware *
netgear xr450_firmware *
netgear ex6150_firmware *
netgear rbs20_firmware *
netgear rax70_firmware *
netgear xr700_firmware *
netgear wn3000rpv2_firmware *
netgear ex2700_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
netgear ex6100_firmware *
netgear ex6400v2_firmware *
netgear ex6410_firmware *
netgear ex8000_firmware *
netgear ex6200_firmware *
netgear r7800_firmware *
netgear ex6250_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear ex6400_firmware *
netgear wnr2000v5_firmware *
netgear d7800_firmware *
netgear rax120v2_firmware *
netgear lbr1020_firmware *
netgear ex7700_firmware *
netgear r8900_firmware *
netgear ex7320_firmware *
CVE-2021-34977 MEDIUM

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7000 1.0.11.116_10.2.100 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP requests. The issue results from the lack of proper authentication verification before performing a password reset. An attacker can leverage this vulnerability to reset the admin password. Was ZDI-CAN-13483.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-288,CWE-287,

Products Affected

Vendor Product Version
netgear r7000_firmware 1.0.11.116_10.2.100
CVE-2021-34978 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13511.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
netgear r6260_firmware 1.1.0.78_1.0.1
CVE-2021-34979 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13512.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear r6260_firmware 1.1.0.78_1.0.1
CVE-2021-34980 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. When parsing the SOAP_LOGIN_TOKEN environment variable, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14107.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
netgear r6260_firmware 1.1.0.78_1.0.1
CVE-2021-34982

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.

Products Affected

Vendor Product Version
netgear r7850_firmware *
netgear rax48_firmware *
netgear d7000v2_firmware *
netgear r7000_firmware *
netgear rax20_firmware *
netgear rax43_firmware *
netgear r8000_firmware *
netgear r6400v2_firmware *
netgear rax200_firmware *
netgear rax38v2_firmware *
netgear wndr3400v3_firmware *
netgear rax75_firmware *
netgear rax50s_firmware *
netgear ms60_firmware *
netgear r6400_firmware *
netgear rax15_firmware *
netgear ex6120_firmware *
netgear mr80_firmware *
netgear r8500_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear rax40v2_firmware *
netgear rax80_firmware *
netgear raxe450_firmware *
netgear raxe500_firmware *
netgear xr300_firmware *
netgear rs400_firmware *
netgear ex3700_firmware *
netgear lax20_firmware *
netgear wnr3500lv2_firmware *
netgear rax42_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear dgn2200v4_firmware *
netgear rax35v2_firmware *
netgear d6400_firmware *
netgear ex3800_firmware *
netgear rax50_firmware *
netgear ex7500_firmware *
netgear rax45_firmware *
netgear v6510-1fxaus_firmware *
netgear ex6130_firmware *
netgear ex7000_firmware *
netgear xr1000_firmware *
netgear dc112a_firmware *
netgear r6700v3_firmware *
netgear ms80_firmware *
netgear mr60_firmware *
netgear r7960p_firmware *
netgear r7100lg_firmware *
netgear r8000p_firmware *
CVE-2021-34983

NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708.

Products Affected

Vendor Product Version
netgear r7850_firmware *
netgear rax48_firmware *
netgear d7000v2_firmware *
netgear r7000_firmware *
netgear rax20_firmware *
netgear rax43_firmware *
netgear r8000_firmware *
netgear r6400v2_firmware *
netgear rax200_firmware *
netgear rax38v2_firmware *
netgear wndr3400v3_firmware *
netgear rax75_firmware *
netgear rax50s_firmware *
netgear ms60_firmware *
netgear r6400_firmware *
netgear rax15_firmware *
netgear ex6120_firmware *
netgear mr80_firmware *
netgear r8500_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear rax40v2_firmware *
netgear rax80_firmware *
netgear raxe450_firmware *
netgear raxe500_firmware *
netgear xr300_firmware *
netgear rs400_firmware *
netgear ex3700_firmware *
netgear lax20_firmware *
netgear wnr3500lv2_firmware *
netgear rax42_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear dgn2200v4_firmware *
netgear rax35v2_firmware *
netgear d6400_firmware *
netgear ex3800_firmware *
netgear rax50_firmware *
netgear ex7500_firmware *
netgear rax45_firmware *
netgear v6510-1fxaus_firmware *
netgear ex6130_firmware *
netgear ex7000_firmware *
netgear xr1000_firmware *
netgear dc112a_firmware *
netgear r6700v3_firmware *
netgear ms80_firmware *
netgear mr60_firmware *
netgear r7960p_firmware *
netgear r7100lg_firmware *
netgear r8000p_firmware *
CVE-2021-34991 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
netgear wnr3500lv2_firmware *
netgear rax42_firmware *
netgear r7850_firmware *
netgear rax48_firmware *
netgear d7000v2_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear dgn2200v4_firmware *
netgear rax35v2_firmware *
netgear rax43_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear ex3800_firmware *
netgear r6400v2_firmware *
netgear rax200_firmware *
netgear rax38v2_firmware *
netgear wndr3400v3_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rax50s_firmware *
netgear r6400_firmware *
netgear rax15_firmware *
netgear ex6120_firmware *
netgear r8500_firmware *
netgear r6900p_firmware *
netgear rax45_firmware *
netgear r8300_firmware *
netgear rax40v2_firmware *
netgear rax80_firmware *
netgear raxe450_firmware *
netgear raxe500_firmware *
netgear ex6130_firmware *
netgear cax80_firmware *
netgear xr300_firmware *
netgear dc112a_firmware *
netgear r6700v3_firmware *
netgear r7960p_firmware *
netgear rs400_firmware *
netgear r7100lg_firmware *
netgear ex3700_firmware *
netgear r8000p_firmware *
CVE-2021-35973 HIGH

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-697,

Products Affected

Vendor Product Version
netgear wac104_firmware *
CVE-2021-38513 HIGH

Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RBK752 before 3.2.10.10, RBR750 before 3.2.10.10, and RBS750 before 3.2.10.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk752_firmware *
netgear mr60_firmware *
netgear ms60_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear eax20_firmware *
netgear mk62_firmware *
CVE-2021-38514 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6100 before 1.0.0.63, D6200 before 1.1.00.34, D6220 before 1.0.0.48, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.52, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.108, DGND2200Bv4 before 1.0.0.108, EX2700 before 1.0.1.48, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6000 before 1.0.0.38, EX6100 before 1.0.2.24, EX6100v2 before 1.0.1.76, EX6120 before 1.0.0.42, EX6130 before 1.0.0.28, EX6150v1 before 1.0.0.42, EX6150v2 before 1.0.1.76, EX6200 before 1.0.3.88, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7000 before 1.0.0.66, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, RBK50 before 2.1.4.10, RBR50 before 2.1.4.10, RBS50 before 2.1.4.10, RBK40 before 2.1.4.10, RBR40 before 2.1.4.10, RBS40 before 2.1.4.10, RBW30 before 2.2.1.204, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6080 before 1.0.0.38, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.86, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R6700 before 1.0.1.48, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R6900 before 1.0.1.48, R7000 before 1.0.9.34, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.48, R7300DST before 1.0.0.70, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R7900 before 1.0.3.8, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R9000 before 1.0.3.10, RBS40V before 2.2.0.58, RBK50V before 2.2.0.58, WN2000RPTv3 before 1.0.1.32, WN2500RPv2 before 1.0.1.54, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNDR3400v3 before 1.0.1.22, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, WNR2000v5 (R2000) before 1.0.0.66, WNR2020 before 1.1.0.62, WNR2050 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, and XR500 before 2.3.2.22.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 2.4 LOW CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 0.9 1.4
nvd@nist.gov 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wndr3700_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r7000_firmware *
netgear wnr3500l_firmware *
netgear d6100_firmware *
netgear r8000_firmware *
netgear wn3100rp_firmware *
netgear ex7300_firmware *
netgear rbr50_firmware *
netgear r7300dst_firmware *
netgear ex6150_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear ex6120_firmware *
netgear wn2500rp_firmware *
netgear ex2700_firmware *
netgear r8500_firmware *
netgear rbr40_firmware *
netgear r6800_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear ex8000_firmware *
netgear rbw30_firmware *
netgear d8500_firmware *
netgear r7800_firmware *
netgear d6000_firmware *
netgear ex6400_firmware *
netgear r7900_firmware *
netgear d7800_firmware *
netgear r6300_firmware *
netgear ex3700_firmware *
netgear r7500_firmware *
netgear wnr2000_firmware *
netgear r6120_firmware *
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear wnr2050_firmware *
netgear d7000_firmware *
netgear rbk50v_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear wndr4300_firmware *
netgear r7000p_firmware *
netgear d6400_firmware *
netgear r6020_firmware *
netgear ex3800_firmware *
netgear wndr4500_firmware *
netgear rbk40_firmware *
netgear jr6150_firmware *
netgear pr2000_firmware *
netgear dgn2200_firmware *
netgear ex6100_firmware *
netgear ex6200_firmware *
netgear r6050_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear ex7000_firmware *
netgear wn2000rpt_firmware *
netgear rbs40v_firmware *
netgear r6700_firmware *
netgear dc112a_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rbk50_firmware *
netgear d6200_firmware *
netgear dgnd2200b_firmware *
netgear d3600_firmware *
netgear r7100lg_firmware *
netgear wn3000rp_firmware *
netgear r8000p_firmware *
netgear r6220_firmware *
netgear wnr2020_firmware *
CVE-2021-38515 MEDIUM

Certain NETGEAR devices are affected by denial of service. This affects R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R7900 before 1.0.3.18, and R8000 before 1.0.4.46.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 2.8 4.0
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r6400_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
CVE-2021-38516 HIGH

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.40, R6850 before 1.1.0.40, R6350 before 1.1.0.40, R6400v2 before 1.0.2.62, R6700v3 before 1.0.2.62, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7000 before 1.0.9.34, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7200 before 1.2.0.48, R7350 before 1.2.0.48, R7400 before 1.2.0.48, R7450 before 1.2.0.36, AC2100 before 1.2.0.36, AC2400 before 1.2.0.36, AC2600 before 1.2.0.36, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, R7900 before 1.0.3.8, R7960P before 1.4.1.44, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RAX120 before 1.0.0.74, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, WNR3500Lv2 before 1.2.0.56, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear r6230_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r7400_firmware *
netgear r7000_firmware *
netgear wnr3500l_firmware *
netgear r7450_firmware *
netgear r8000_firmware *
netgear rax120_firmware *
netgear r6350_firmware *
netgear rbr50_firmware *
netgear r7200_firmware *
netgear r6400_firmware *
netgear rbr40_firmware *
netgear r6800_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear rbr20_firmware *
netgear d8500_firmware *
netgear r7800_firmware *
netgear r7900_firmware *
netgear d7800_firmware *
netgear rbk20_firmware *
netgear r8900_firmware *
netgear r7500_firmware *
netgear r6120_firmware *
netgear rbs40_firmware *
netgear r6260_firmware *
netgear rbs50_firmware *
netgear d7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear d6400_firmware *
netgear rbr750_firmware *
netgear r6020_firmware *
netgear xr450_firmware *
netgear r6850_firmware *
netgear rbk752_firmware *
netgear rbs20_firmware *
netgear rbk40_firmware *
netgear ac2400_firmware *
netgear dgn2200_firmware *
netgear ac2100_firmware *
netgear r6700_firmware *
netgear dc112a_firmware *
netgear rbs750_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rbk50_firmware *
netgear r7350_firmware *
netgear ac2600_firmware *
netgear r7960p_firmware *
netgear r7100lg_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
netgear r6220_firmware *
CVE-2021-38517 MEDIUM

Certain NETGEAR devices are affected by out-of-bounds reads and writes. This affects R6400 before 1.0.1.70, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, and XR300 before 1.0.3.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
cve@mitre.org 6.9 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H 1.7 4.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-787,

Products Affected

Vendor Product Version
netgear rax75_firmware *
netgear rax80_firmware *
netgear r6400_firmware *
netgear xr300_firmware *
CVE-2021-38518 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rax75_firmware *
netgear rax80_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rax200_firmware *
CVE-2021-38519 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6250 before 1.0.4.36, R6300v2 before 1.0.4.36, R6400 before 1.0.1.50, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R6700 before 1.0.2.8, R6900 before 1.0.2.8, R7000 before 1.0.9.88, R6900P before 1.3.2.132, R7100LG before 1.0.0.52, R7900 before 1.0.3.10, R8000 before 1.0.4.46, R7900P before 1.4.1.50, R8000P before 1.4.1.50, and RAX80 before 1.0.1.40.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
cve@mitre.org 6.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L 0.8 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rax80_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear r6400v2_firmware *
netgear r7900_firmware *
netgear r6300_firmware *
netgear r6400_firmware *
netgear r7100lg_firmware *
netgear r8000p_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
CVE-2021-38520 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400 before 1.0.1.52, R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, and R7000P before 1.3.2.124.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
cve@mitre.org 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r6400_firmware *
netgear r7000p_firmware *
netgear r6700_firmware *
CVE-2021-38521 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400 before 1.0.1.50, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX75 before 1.0.1.62, and RAX80 before 1.0.1.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L 0.6 5.5
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rax75_firmware *
netgear rax80_firmware *
netgear r6400_firmware *
netgear r7900p_firmware *
netgear r8000p_firmware *
CVE-2021-38522 MEDIUM

NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based buffer overflow by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
cve@mitre.org 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r6400_firmware *
CVE-2021-38523 MEDIUM

NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based buffer overflow by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.9 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H 1.7 4.7
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r6400_firmware *
CVE-2021-38524 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, and RBS750 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.9 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear rax80_firmware *
netgear rax20_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear mr60_firmware *
netgear ms60_firmware *
netgear rax15_firmware *
netgear rax45_firmware *
netgear mk62_firmware *
CVE-2021-38525 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
cve@mitre.org 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r7000_firmware *
netgear r7000p_firmware *
netgear r6020_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear r6900p_firmware *
netgear ex8000_firmware *
netgear ex6200_firmware *
netgear r6050_firmware *
netgear ex7000_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear d6200_firmware *
netgear r6300_firmware *
netgear d3600_firmware *
netgear r8900_firmware *
netgear r6220_firmware *
netgear r6120_firmware *
CVE-2021-38526 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.8 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear rax38_firmware *
netgear rax35_firmware *
netgear rax40_firmware *
CVE-2021-38527 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2 before 1.0.1.98, EX6150v2 before 1.0.1.98, EX6250 before 1.0.0.132, EX6400 before 1.0.2.158, EX6400v2 before 1.0.0.132, EX6410 before 1.0.0.132, EX6420 before 1.0.0.132, EX7300 before 1.0.2.158, EX7300v2 before 1.0.0.132, EX7320 before 1.0.0.132, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, R7800 before 1.0.2.78, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.6.2.4, RBS50Y before 2.6.1.40, RBW30 before 2.6.2.2, and XR500 before 2.3.2.114.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 2.8 5.2
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear rbk852_firmware *
netgear rbs10_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear ex7300_firmware *
netgear ex6420_firmware *
netgear rbr50_firmware *
netgear ex6150_firmware *
netgear rbk752_firmware *
netgear rbs20_firmware *
netgear rbk12_firmware *
netgear rbk40_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
netgear cbr40_firmware *
netgear ex6100_firmware *
netgear ex6410_firmware *
netgear ex8000_firmware *
netgear rbw30_firmware *
netgear r7800_firmware *
netgear rbs40v_firmware *
netgear ex6250_firmware *
netgear rbs750_firmware *
netgear xr500_firmware *
netgear ex6400_firmware *
netgear rbk50_firmware *
netgear rbk20_firmware *
netgear ex7700_firmware *
netgear rbs850_firmware *
netgear ex7320_firmware *
CVE-2021-38528 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before 1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64, WNDR3400v3 before 1.0.1.38, and XR300 before 1.0.3.56.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear wndr3400_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r7100lg_firmware *
netgear xr300_firmware *
netgear r6900p_firmware *
CVE-2021-38529 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 2.8 5.5
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7800_firmware *
netgear r8900_firmware *
netgear r9000_firmware *
CVE-2021-38530 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
CVE-2021-38531 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, and AC2400 before 1.2.0.76.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N 0.5 4.2
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear ac2100_firmware *
netgear r7450_firmware *
netgear r6700_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear r6120_firmware *
CVE-2021-38532 MEDIUM

NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect configuration of security settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
cve@mitre.org 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wac104_firmware *
CVE-2021-38533 LOW

NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 2.3 2.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rax40_firmware *
CVE-2021-38534 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 before 1.0.0.60, D6200 before 1.1.00.36, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.62, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6700v3 before 1.0.2.62, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7450 before 1.2.0.36, R7900 before 1.0.3.8, R7900P before 1.4.1.50, R8000 before 1.0.4.28, R8000P before 1.4.1.50, R8300 before 1.0.2.130, R8500 before 1.0.2.130, WNDR3400v3 before 1.0.1.24, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.40, and XR500 before 2.3.2.40.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 4.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L 0.7 3.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear r6230_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear d6100_firmware *
netgear r7450_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear r6020_firmware *
netgear xr450_firmware *
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear r8500_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear pr2000_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear dgn2200_firmware *
netgear r8300_firmware *
netgear r6050_firmware *
netgear d8500_firmware *
netgear r6700_firmware *
netgear dc112a_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
netgear r7900_firmware *
netgear d6200_firmware *
netgear dgnd2200b_firmware *
netgear r6300_firmware *
netgear d3600_firmware *
netgear dm200_firmware *
netgear r7100lg_firmware *
netgear r8000p_firmware *
netgear r6220_firmware *
netgear wnr2020_firmware *
CVE-2021-38535 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.2 2.7
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r7400_firmware *
netgear ac2100_firmware *
netgear rax40_firmware *
netgear r7450_firmware *
netgear r6700_firmware *
netgear r6020_firmware *
netgear r7350_firmware *
netgear d6200_firmware *
netgear r7200_firmware *
netgear r6850_firmware *
netgear ac2600_firmware *
netgear rax35_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear r6120_firmware *
CVE-2021-38536 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.2 2.7
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r7400_firmware *
netgear ac2100_firmware *
netgear rax40_firmware *
netgear r7450_firmware *
netgear r6700_firmware *
netgear r6020_firmware *
netgear r7350_firmware *
netgear d6200_firmware *
netgear r7200_firmware *
netgear r6850_firmware *
netgear ac2600_firmware *
netgear rax35_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear r6120_firmware *
CVE-2021-38537 LOW

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.1 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r7400_firmware *
netgear ac2100_firmware *
netgear rax40_firmware *
netgear r7450_firmware *
netgear r6700_firmware *
netgear r6020_firmware *
netgear r7350_firmware *
netgear d6200_firmware *
netgear r7200_firmware *
netgear r6850_firmware *
netgear ac2600_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear r6120_firmware *
CVE-2021-38538 MEDIUM

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and XR500 before 2.3.2.56.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 1.0 5.2
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
netgear d7800_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear r8900_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2021-38539 MEDIUM

Certain NETGEAR devices are affected by privilege escalation. This affects D8500 before 1.0.3.44, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.4, R6900P before 1.3.2.126, R7000 before 1.0.9.42, R7000P before 1.3.2.126, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.10, R8300 before 1.0.2.130, and R8500 before 1.0.2.130.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N 2.1 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r6700_firmware *
netgear r7900_firmware *
netgear r7300dst_firmware *
netgear r6400_firmware *
netgear r7100lg_firmware *
netgear r8500_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2021-40847 HIGH

The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled by default. This daemon connects to Circle and NETGEAR to obtain version information and updates to the circled daemon and its filtering database. However, database updates from NETGEAR are unsigned and downloaded via cleartext HTTP. As such, an attacker with the ability to perform a MitM attack on the device can respond to circled update requests with a crafted, compressed database file, the extraction of which gives the attacker the ability to overwrite executable files with attacker-controlled code. This affects R6400v2 1.0.4.106, R6700 1.0.2.16, R6700v3 1.0.4.106, R6900 1.0.2.16, R6900P 1.3.2.134, R7000 1.0.11.123, R7000P 1.3.2.134, R7850 1.0.5.68, R7900 1.0.4.38, R8000 1.0.4.68, and RS400 1.5.0.68.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-319,

Products Affected

Vendor Product Version
netgear r7850_firmware 1.0.5.68
netgear r6900p_firmware 1.3.2.134
netgear r7900_firmware 1.0.4.38
netgear r7000p_firmware 1.3.2.134
netgear rs400_firmware 1.5.0.68
netgear r8000_firmware 1.0.4.68
netgear r6900_firmware 1.0.2.16
netgear r6700_firmware 1.0.2.16
netgear r7000_firmware 1.0.11.123
netgear r6700v3_firmware 1.0.4.106
netgear r6400v2_firmware 1.0.4.106
CVE-2021-40866 MEDIUM

Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear gs724tpp_firmware *
netgear gs308t_firmware *
netgear gs750e_firmware *
netgear gs728tpp_firmware *
netgear gs752tp_firmware *
netgear gs716tp_firmware *
netgear ms510txm_firmware *
netgear gs110tpp_firmware *
netgear gc108pp_firmware *
netgear gs110tup_firmware *
netgear gs752tpp_firmware *
netgear ms510txup_firmware *
netgear gs710tup_firmware *
netgear gs110tp_firmware *
netgear gs728tp_firmware *
netgear gs716tpp_firmware *
netgear gs310tp_firmware *
netgear gs108t_firmware *
netgear gc108p_firmware *
netgear gs724tp_firmware *
CVE-2021-40867 MEDIUM

Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in (e.g., behind the same NAT device, or already in possession of a foothold on an admin's machine). This occurs because the multi-step HTTP authentication process is effectively tied only to the source IP address. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-290,

Products Affected

Vendor Product Version
netgear gs724tpp_firmware *
netgear gs308t_firmware *
netgear gs750e_firmware *
netgear gs728tpp_firmware *
netgear gs752tp_firmware *
netgear gs716tp_firmware *
netgear ms510txm_firmware *
netgear gs110tpp_firmware *
netgear gc108pp_firmware *
netgear gs110tup_firmware *
netgear gs752tpp_firmware *
netgear ms510txup_firmware *
netgear gs710tup_firmware *
netgear gs110tp_firmware *
netgear gs728tp_firmware *
netgear gs716tpp_firmware *
netgear gs310tp_firmware *
netgear gs108t_firmware *
netgear gc108p_firmware *
netgear gs724tp_firmware *
CVE-2021-41314 HIGH

Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create (or overwrite) a file with specific content (e.g., the "2" string). This leads to admin session crafting and therefore gaining full web UI admin privileges by an unauthenticated attacker. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear gs724tpp_firmware *
netgear gs308t_firmware *
netgear gs750e_firmware *
netgear gs728tpp_firmware *
netgear gs752tp_firmware *
netgear gs716tp_firmware *
netgear ms510txm_firmware *
netgear gs110tpp_firmware *
netgear gc108pp_firmware *
netgear gs110tup_firmware *
netgear gs752tpp_firmware *
netgear ms510txup_firmware *
netgear gs710tup_firmware *
netgear gs110tp_firmware *
netgear gs728tp_firmware *
netgear gs716tpp_firmware *
netgear gs310tp_firmware *
netgear gs108t_firmware *
netgear gc108p_firmware *
netgear gs724tp_firmware *
CVE-2021-41383 HIGH

setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r6020_firmware 1.0.0.48
CVE-2021-41449 LOW

A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,

Products Affected

Vendor Product Version
netgear rax38_firmware *
netgear rax35_firmware *
netgear rax40_firmware *
CVE-2021-44261 MEDIUM

A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7800_firmware *
netgear r7450_firmware *
netgear r6220_firmware *
netgear wac104_firmware *
CVE-2021-44262 MEDIUM

A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
netgear mbr1517_firmware *
netgear wnce3001_firmware *
netgear wac104_firmware *
CVE-2021-45077 MEDIUM

Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,

Products Affected

Vendor Product Version
netgear r6700_firmware 1.0.4.120
CVE-2021-45493 MEDIUM

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L 2.8 4.7
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear rax38_firmware *
netgear rax35_firmware *
netgear rax40_firmware *
CVE-2021-45494 LOW

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.9 3.6
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbs350_firmware *
netgear rbr350_firmware *
netgear rbk352_firmware *
CVE-2021-45495 HIGH

NETGEAR D7000 devices before 1.0.1.68 are affected by authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear d7000_firmware *
CVE-2021-45496 HIGH

NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear d7000_firmware *
CVE-2021-45497 HIGH

NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 3.9 5.5

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear d7000_firmware *
CVE-2021-45498 HIGH

NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6700v2_firmware *
CVE-2021-45499 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N 1.8 5.8
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rax75_firmware *
netgear rax80_firmware *
netgear r7900p_firmware *
netgear r7000p_firmware *
netgear r7960p_firmware *
netgear r8000p_firmware *
netgear r6900p_firmware *
CVE-2021-45500 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects R7000P before 1.3.3.140 and R8000 before 1.0.4.68.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r7000p_firmware *
netgear r8000_firmware *
CVE-2021-45501 HIGH

Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.1.0.84, R6800 before 1.1.0.84, R6850 before 1.1.0.84, R6900v2 before 1.1.0.84, R7200 before 1.1.0.84, R7350 before 1.1.0.84, R7400 before 1.1.0.84, and R7450 before 1.1.0.84.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 3.9 5.5
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6900v2_firmware *
netgear r6260_firmware *
netgear r6230_firmware *
netgear d7000_firmware *
netgear r6330_firmware *
netgear r6080_firmware *
netgear r6700v2_firmware *
netgear r7400_firmware *
netgear r7450_firmware *
netgear r6020_firmware *
netgear r6350_firmware *
netgear r7350_firmware *
netgear r7200_firmware *
netgear r6850_firmware *
netgear ac2600_firmware *
netgear r6220_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear r6120_firmware *
CVE-2021-45502 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear cbr750_firmware *
CVE-2021-45503 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear cbr750_firmware *
CVE-2021-45504 HIGH

Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr852_firmware *
netgear cbr750_firmware *
CVE-2021-45505 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear cbr750_firmware *
CVE-2021-45506 MEDIUM

Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear cbr750_firmware *
CVE-2021-45507 HIGH

Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBW30 before 2.6.2.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and RBS40V before 2.6.2.8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk752_firmware *
netgear rbw30_firmware *
netgear rbs40v_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear cbr750_firmware *
CVE-2021-45508 HIGH

Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, and RBR850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear cbr750_firmware *
CVE-2021-45509 HIGH

Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45510 MEDIUM

NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H 2.8 4.7
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear xr1000_firmware *
CVE-2021-45511 HIGH

Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27, R6350 before 2021-08-27, R6700v2 before 2021-08-27, R6800 before 2021-08-27, R6850 before 2021-08-27, R6900v2 before 2021-08-27, R7200 before 2021-08-27, R7350 before 2021-08-27, R7400 before 2021-08-27, and R7450 before 2021-08-27.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6900v2_firmware *
netgear r6260_firmware *
netgear r6230_firmware *
netgear d7000_firmware *
netgear r6330_firmware *
netgear r6700v2_firmware *
netgear r7400_firmware *
netgear ac2100_firmware *
netgear r7450_firmware *
netgear r6350_firmware *
netgear r7350_firmware *
netgear r7200_firmware *
netgear r6850_firmware *
netgear ac2600_firmware *
netgear r6220_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
CVE-2021-45512 HIGH

Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RS400 before 1.5.0.48, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 3.9 4.7

CVSS 2.0

Severity: HIGH

Problem Type: CWE-327,

Products Affected

Vendor Product Version
netgear d7000_firmware *
netgear r7000_firmware *
netgear ex6130_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear d8500_firmware *
netgear ex7000_firmware *
netgear xr300_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear ex3800_firmware *
netgear r7900_firmware *
netgear r6400_firmware *
netgear ex6120_firmware *
netgear rs400_firmware *
netgear r7100lg_firmware *
netgear ex3700_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2021-45513 MEDIUM

NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear xr1000_firmware *
CVE-2021-45514 MEDIUM

NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear xr1000_firmware *
CVE-2021-45515 LOW

Certain NETGEAR devices are affected by denial of service. This affects EX7500 before 1.0.0.72, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, RBRE960 before 6.0.3.68, RBSE960 before 6.0.3.68, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and RBK852 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbre960_firmware *
netgear rbw30_firmware *
netgear rbs40v_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbse960_firmware *
netgear rbk752_firmware *
netgear ex7500_firmware *
netgear rbke963_firmware *
netgear rbs850_firmware *
CVE-2021-45516 LOW

Certain NETGEAR devices are affected by denial of service. This affects R6400 before 1.0.1.70, R7000 before 1.0.11.126, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R8000 before 1.0.4.74, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.9 3.6
cve@mitre.org 6.9 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H 1.7 4.7

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r7000_firmware *
netgear r6400_firmware *
netgear r7000p_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear r6900p_firmware *
CVE-2021-45517 MEDIUM

NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear xr1000_firmware *
CVE-2021-45518 MEDIUM

NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear xr1000_firmware *
CVE-2021-45519 MEDIUM

NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear xr1000_firmware *
CVE-2021-45520 MEDIUM

Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
netgear rbs350_firmware *
netgear rbr350_firmware *
netgear rbk352_firmware *
CVE-2021-45521 LOW

Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
cve@mitre.org 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 2.8 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-798,

Products Affected

Vendor Product Version
netgear rbs350_firmware *
netgear rbr350_firmware *
netgear rbk352_firmware *
CVE-2021-45522 HIGH

NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
netgear xr1000_firmware *
CVE-2021-45523 MEDIUM

NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r7000_firmware *
CVE-2021-45524 HIGH

NETGEAR R8000 devices before 1.0.4.62 are affected by a buffer overflow by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0
cve@mitre.org 7.6 HIGH CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 1.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r8000_firmware *
CVE-2021-45525 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects EX7000 before 1.0.1.80, R6400 before 1.0.1.50, R6400v2 before 1.0.4.118, R6700 before 1.0.2.8, R6700v3 before 1.0.4.118, R6900 before 1.0.2.8, R6900P before 1.3.2.124, R7000 before 1.0.9.88, R7000P before 1.3.2.124, R7900 before 1.0.3.18, R7900P before 1.4.1.50, R8000 before 1.0.4.46, R8000P before 1.4.1.50, RAX80 before 1.0.1.56, and WNR3500Lv2 before 1.2.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear wnr3500lv2_firmware *
netgear rax80_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear r7000p_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear r6400v2_firmware *
netgear r6700v3_firmware *
netgear r7900_firmware *
netgear r6400_firmware *
netgear r8000p_firmware *
netgear r6900p_firmware *
CVE-2021-45526 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects EX6000 before 1.0.0.38, EX6120 before 1.0.0.48, EX6130 before 1.0.0.30, R6300v2 before 1.0.4.52, R6400 before 1.0.1.52, R7000 before 1.0.11.126, R7900 before 1.0.4.30, R8000 before 1.0.4.52, R7000P before 1.3.2.124, R8000P before 1.4.1.50, RAX80 before 1.0.3.88, R6900P before 1.3.2.124, R7900P before 1.4.1.50, and RAX75 before 1.0.3.88.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H 1.5 5.3

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear rax80_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear ex6130_firmware *
netgear ex6000_firmware *
netgear r7000p_firmware *
netgear r8000_firmware *
netgear r7900_firmware *
netgear r6300v2_firmware *
netgear rax75_firmware *
netgear r6400_firmware *
netgear ex6120_firmware *
netgear r8000p_firmware *
netgear r6900p_firmware *
CVE-2021-45527 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.54, EX7000 before 1.0.1.94, EX7500 before 1.0.0.72, R6250 before 1.0.4.48, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.102, R6700v3 before 1.0.4.102, R7000 before 1.0.11.116, R7100LG before 1.0.0.64, R7850 before 1.0.5.68, R7900 before 1.0.4.30, R7960P before 1.4.1.68, R8000 before 1.0.4.52, RAX200 before 1.0.2.88, RBS40V before 2.6.2.4, RS400 before 1.5.1.80, XR300 before 1.0.3.56, R7000P before 1.3.2.124, R8000P before 1.4.1.68, R8500 before 1.0.2.144, RAX80 before 1.0.3.102, R6900P before 1.3.2.124, R7900P before 1.4.1.68, R8300 before 1.0.2.144, RAX75 before 1.0.3.102, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and RBK852 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r7850_firmware *
netgear d7000v2_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear d6400_firmware *
netgear rbr750_firmware *
netgear r6400v2_firmware *
netgear rax200_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear ex7500_firmware *
netgear r6400_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
netgear rax80_firmware *
netgear d8500_firmware *
netgear ex7000_firmware *
netgear rbs40v_firmware *
netgear xr300_firmware *
netgear dc112a_firmware *
netgear rbs750_firmware *
netgear r6700v3_firmware *
netgear r7900_firmware *
netgear r6300v2_firmware *
netgear r7960p_firmware *
netgear rs400_firmware *
netgear r7100lg_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
CVE-2021-45528 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6300v2 before 1.0.4.52, R6400 before 1.0.1.52, R6900 before 1.0.2.8, R7000 before 1.0.9.88, R7900 before 1.0.3.18, R8000 before 1.0.4.46, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX75 before 1.0.3.88, RAX80 before 1.0.3.88, and WNR3500Lv2 before 1.2.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
cve@mitre.org 8.1 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r6300v2_firmware *
netgear wnr3500lv2_firmware *
netgear rax75_firmware *
netgear rax80_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r6400_firmware *
netgear r7900p_firmware *
netgear r8000_firmware *
netgear r8000p_firmware *
CVE-2021-45529 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects CBR40 before 2.3.5.12, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R6400 before 1.0.1.70, R7000 before 1.0.11.126, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.30, R8000 before 1.0.4.52, and WNR3500Lv2 before 1.2.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
cve@mitre.org 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H 1.5 5.3

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear r7900_firmware *
netgear wnr3500lv2_firmware *
netgear d7000v2_firmware *
netgear r7000_firmware *
netgear r6400_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r8000_firmware *
netgear r6900p_firmware *
CVE-2021-45530 MEDIUM

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7000 before 1.0.11.126, R7960P before 1.4.2.84, R8000 before 1.0.4.74, RAX200 before 1.0.4.120, R8000P before 1.4.2.84, RAX20 before 1.0.2.82, RAX45 before 1.0.2.82, RAX80 before 1.0.4.120, R7900P before 1.4.2.84, RAX15 before 1.0.2.82, RAX50 before 1.0.2.82, and RAX75 before 1.0.4.120.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear rax80_firmware *
netgear r7000_firmware *
netgear rax20_firmware *
netgear r7000p_firmware *
netgear r8000_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rax15_firmware *
netgear r7960p_firmware *
netgear r8000p_firmware *
netgear rax45_firmware *
CVE-2021-45531 MEDIUM

NETGEAR D6220 devices before 1.0.0.76 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 7.1 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L 1.6 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d6220_firmware *
CVE-2021-45532 MEDIUM

NETGEAR R8000 devices before 1.0.4.76 are affected by command injection by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cve@mitre.org 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r8000_firmware *
CVE-2021-45533 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects EX6120 before 1.0.0.66, EX6130 before 1.0.0.46, EX7000 before 1.0.1.106, EX7500 before 1.0.1.76, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, RBR850 before 4.6.3.9, RBS850 before 4.6.3.9, and RBK852 before 4.6.3.9.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear ex7500_firmware *
netgear ex6120_firmware *
netgear ex6130_firmware *
netgear ex7000_firmware *
netgear ex3700_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear ex3800_firmware *
CVE-2021-45534 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, D7000 before 1.0.1.82, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r6900v2_firmware *
netgear r6260_firmware *
netgear r6230_firmware *
netgear d7000_firmware *
netgear r6330_firmware *
netgear r6700v2_firmware *
netgear r7400_firmware *
netgear ac2100_firmware *
netgear r7450_firmware *
netgear r6350_firmware *
netgear r7350_firmware *
netgear r7200_firmware *
netgear r6850_firmware *
netgear ac2600_firmware *
netgear r6220_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
CVE-2021-45535 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.3.106, RAX80 before 1.0.3.106, RAX75 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rax75_firmware *
netgear rax80_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rax200_firmware *
netgear rbk752 -
CVE-2021-45536 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rax75_firmware *
netgear rax80_firmware *
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45537 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user . This affects RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rax75_firmware *
netgear rax80_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rax200_firmware *
netgear rbk752 -
CVE-2021-45538 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rax75_firmware *
netgear rax80_firmware *
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45539 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.28, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.28, and RAX75 before 1.0.3.106.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rax80_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear r8000_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear mr60_firmware *
netgear ms60_firmware *
netgear rax15_firmware *
netgear r7960p_firmware *
netgear r8000p_firmware *
netgear rax45_firmware *
CVE-2021-45540 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7000 before 1.0.11.126, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX45 before 1.0.2.66, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX50 before 1.0.2.66, and RAX75 before 1.0.3.106.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rax80_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear r8000_firmware *
netgear rax200_firmware *
netgear r7900_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear mr60_firmware *
netgear ms60_firmware *
netgear r7960p_firmware *
netgear r8000p_firmware *
netgear rax45_firmware *
CVE-2021-45541 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900 before 1.0.4.38, R7900P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rax80_firmware *
netgear r7900p_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rax200_firmware *
netgear r7900_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear mr60_firmware *
netgear ms60_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
netgear rax45_firmware *
CVE-2021-45542 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rax75_firmware *
netgear rax80_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rax200_firmware *
CVE-2021-45543 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R8000 before 1.0.4.74, RAX200 before 1.0.4.120, R8000P before 1.4.2.84, R7900P before 1.4.2.84, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and RBK852 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
netgear rax200_firmware *
netgear r7900p_firmware 1.4.2.84
CVE-2021-45544 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rax75_firmware *
netgear rax80_firmware *
netgear r7850_firmware *
netgear r7900p_firmware *
netgear r7960p_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
netgear rax200_firmware *
CVE-2021-45545 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rax75_firmware *
netgear rax80_firmware *
netgear r7850_firmware *
netgear r7900p_firmware *
netgear r7960p_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
netgear rax200_firmware *
CVE-2021-45546 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rax80_firmware *
netgear r7850_firmware *
netgear r7900p_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rax200_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear r7960p_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
CVE-2021-45547 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rax80_firmware *
netgear r7850_firmware *
netgear r7900p_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rax200_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear r7960p_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
CVE-2021-45548 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.60, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.128, EX6400 before 1.0.2.144, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6420 before 1.0.0.128, EX7300 before 1.0.2.144, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.26, R9000 before 1.0.5.2, RAX120 before 1.0.1.128, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.80, WNR2000v5 before 1.0.0.74, XR500 before 2.3.2.66, RBK20 before 2.7.3.22, RBR20 before 2.7.3.22, RBS20 before 2.7.3.22, RBK40 before 2.7.3.22, RBR40 before 2.7.3.22, and RBS40 before 2.7.3.22.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L 0.8 5.5
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear wn3000rpv3_firmware *
netgear rax120_firmware *
netgear ex7300_firmware *
netgear ex7300v2_firmware *
netgear ex6420_firmware *
netgear rbs20_firmware *
netgear wn3000rpv2_firmware *
netgear rbk40_firmware *
netgear ex2700_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
netgear ex6150v2_firmware *
netgear ex6400v2_firmware *
netgear ex6410_firmware *
netgear r7500v2_firmware *
netgear r7800_firmware *
netgear ex6250_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear ex6400_firmware *
netgear wnr2000v5_firmware *
netgear d7800_firmware *
netgear ex6200v2_firmware *
netgear dm200_firmware *
netgear rbk20_firmware *
netgear r8900_firmware *
netgear ex7320_firmware *
CVE-2021-45549 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear lax20_firmware *
netgear r7850_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear r7000p_firmware *
netgear rax43_firmware *
netgear r8000_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear ms60_firmware *
netgear r6400_firmware *
netgear rax15_firmware *
netgear r6900p_firmware *
netgear rax45_firmware *
netgear rax80_firmware *
netgear rax40_firmware *
netgear xr1000_firmware *
netgear r6700_firmware *
netgear r7900_firmware *
netgear mr60_firmware *
netgear rax35_firmware *
netgear r7960p_firmware *
netgear rs400_firmware *
netgear r8000p_firmware *
netgear mk62_firmware *
CVE-2021-45550 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.78, D6100 before 1.0.0.63, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300 before 1.0.0.70, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, WNDR3400v3 before 1.0.1.24, WNR3500Lv2 before 1.2.0.62, and XR500 before 2.3.2.56.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.6 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.7 5.9
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r6900_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear d6100_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear r7300_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear dgn2200_firmware *
netgear dgn2200b_firmware *
netgear r8300_firmware *
netgear d8500_firmware *
netgear r6700_firmware *
netgear d6000_firmware *
netgear xr500_firmware *
netgear r7900_firmware *
netgear d7800_firmware *
netgear r6300_firmware *
netgear d3600_firmware *
netgear r7100lg_firmware *
netgear r8000p_firmware *
CVE-2021-45551 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.64, R6800 before 1.2.0.62, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, and WNR2020 before 1.1.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 7.6 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 2.1 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r6900v2_firmware *
netgear r6260_firmware *
netgear r6230_firmware *
netgear d7000_firmware *
netgear r6050_firmware *
netgear r6080_firmware *
netgear r6700v2_firmware *
netgear ac2100_firmware *
netgear r7450_firmware *
netgear r6020_firmware *
netgear d6200_firmware *
netgear ac2600_firmware *
netgear r6220_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2021-45552 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.48, R7800 before 1.0.2.68, R8900 before 1.0.5.2, R9000 before 1.0.5.2, RAX120 before 1.0.1.108, and XR700 before 1.0.1.20.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L 0.8 5.5
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r7500v2_firmware *
netgear r7800_firmware *
netgear xr700_firmware *
netgear r8900_firmware *
netgear r9000_firmware *
netgear rax120_firmware *
CVE-2021-45553 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7000 before 1.0.11.126, R6900P before 1.3.2.126, and R7000P before 1.3.2.126.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 8.7 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L 2.0 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7000_firmware *
netgear r7000p_firmware *
netgear r6900p_firmware *
CVE-2021-45554 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400 before 1.0.1.74, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R7000 before 1.0.11.126, R6900P before 1.3.3.140, R7000P before 1.3.3.140, and R8000 before 1.0.4.74.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7000_firmware *
netgear r6400_firmware *
netgear r7000p_firmware *
netgear r8000_firmware *
netgear r6400v2_firmware *
netgear r6900p_firmware *
netgear r6700v3_firmware *
CVE-2021-45555 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900P before 1.4.2.84, R7960P before 1.4.2.84, and R8000P before 1.4.2.84.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7900p_firmware *
netgear r7960p_firmware *
netgear r8000p_firmware *
CVE-2021-45556 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GS108Tv2 before 5.4.2.36, GS110TPP before 7.0.7.2, GS110TPv2 before 5.4.2.36., GS110TPv3 before 7.0.7.2, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H 1.0 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear gs724tpp_firmware *
netgear gs308t_firmware *
netgear ms510txm_firmware *
netgear gs110tpv3_firmware *
netgear gs110tpp_firmware *
netgear gs728tpv2_firmware *
netgear gs752tpp_firmware *
netgear ms510txup_firmware *
netgear gs108tv2_firmware *
netgear gs728tppv2_firmware *
netgear gs752tpv2_firmware *
netgear gs310tp_firmware *
netgear gs724tpv2_firmware *
netgear gs110tpv2_firmware *
CVE-2021-45557 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TUP before 1.0.5.3, GS710TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS724TPP before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS750E before 1.0.1.10, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H 1.0 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear gs724tpp_firmware *
netgear gs308t_firmware *
netgear gs750e_firmware *
netgear gs716tp_firmware *
netgear ms510txm_firmware *
netgear gs110tpv3_firmware *
netgear gs110tpp_firmware *
netgear gc108pp_firmware *
netgear gs110tup_firmware *
netgear gs728tpv2_firmware *
netgear gs752tpp_firmware *
netgear ms510txup_firmware *
netgear gs710tup_firmware *
netgear gs716tpp_firmware *
netgear gs728tppv2_firmware *
netgear gs752tpv2_firmware *
netgear gs310tp_firmware *
netgear gs108tv3_firmware *
netgear gs724tpv2_firmware *
netgear gc108p_firmware *
CVE-2021-45558 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45559 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45560 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45561 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45562 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45563 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45564 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45565 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45566 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45567 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45568 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45569 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45570 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45571 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45572 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45573 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6260 before 1.1.0.76, R6800 before 1.2.0.62, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, and AC2600 before 1.2.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 2.8 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear ac2600_firmware *
netgear r6900_firmware *
netgear ac2100_firmware *
netgear r7450_firmware *
netgear r6700_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
CVE-2021-45574 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45575 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45576 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45577 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45578 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45579 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45580 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45581 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45582 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45583 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45584 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45585 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45586 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45587 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45588 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45589 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45590 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45591 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45592 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
CVE-2021-45593 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.2.102, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBR50 before 2.7.2.102, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.2.102.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbr20_firmware *
CVE-2021-45594 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS50Y before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
CVE-2021-45595 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 7.6 HIGH CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 1.0 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear lbr20_firmware *
netgear rbs10_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk12_firmware *
netgear rbk40_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
CVE-2021-45596 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear cbr750_firmware *
CVE-2021-45597 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear cbr750_firmware *
CVE-2021-45598 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear cbr750_firmware *
CVE-2021-45599 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear cbr750_firmware *
CVE-2021-45600 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear cbr750_firmware *
CVE-2021-45601 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear cbr750_firmware *
CVE-2021-45602 MEDIUM

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L 1.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r6700ax_firmware *
netgear rax120v1_firmware *
netgear lbr20_firmware *
netgear wn3000rpv3_firmware *
netgear r7800_firmware *
netgear rax10_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax78_firmware *
netgear d7800_firmware *
netgear xr450_firmware *
netgear rax120v2_firmware *
netgear lbr1020_firmware *
netgear rax70_firmware *
netgear xr700_firmware *
netgear wn3000rpv2_firmware *
netgear r8900_firmware *
netgear ex2700_firmware *
CVE-2021-45603 LOW

Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L 1.8 4.2
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear r6700ax_firmware *
netgear rax120v1_firmware *
netgear lbr20_firmware *
netgear wn3000rpv3_firmware *
netgear r7800_firmware *
netgear rax10_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear rax78_firmware *
netgear d7800_firmware *
netgear xr450_firmware *
netgear rax120v2_firmware *
netgear lbr1020_firmware *
netgear rax70_firmware *
netgear xr700_firmware *
netgear wn3000rpv2_firmware *
netgear r8900_firmware *
netgear ex2700_firmware *
CVE-2021-45604 LOW

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.9 3.6
cve@mitre.org 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear lax20_firmware *
netgear r7850_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear rax43_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear d6400_firmware *
netgear rbr750_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear ms60_firmware *
netgear r6400_firmware *
netgear rax15_firmware *
netgear r6900p_firmware *
netgear cbr750_firmware *
netgear rax45_firmware *
netgear rax80_firmware *
netgear d8500_firmware *
netgear rax40_firmware *
netgear xr1000_firmware *
netgear r6700_firmware *
netgear rbs750_firmware *
netgear r7900_firmware *
netgear mr60_firmware *
netgear r6300_firmware *
netgear rax35_firmware *
netgear r7960p_firmware *
netgear rs400_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
netgear mk62_firmware *
CVE-2021-45605 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400 before 1.0.1.68, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900 before 1.0.4.38, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, and XR300 before 1.0.3.50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 1.5 4.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear rax75_firmware *
netgear rax80_firmware *
netgear r7000_firmware *
netgear r6400_firmware *
netgear r7000p_firmware *
netgear xr300_firmware *
netgear r6900p_firmware *
CVE-2021-45606 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400 before 1.0.1.70, R7000 before 1.0.11.126, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RS400 before 1.5.1.80, R6400v2 before 1.0.4.118, R7000P before 1.3.3.140, RAX80 before 1.0.4.120, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, and RAX75 before 1.0.4.120.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.9 3.6
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear rax80_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear r7000p_firmware *
netgear r8000_firmware *
netgear r6400v2_firmware *
netgear rax200_firmware *
netgear r6700v3_firmware *
netgear r7900_firmware *
netgear rax75_firmware *
netgear r6400_firmware *
netgear r7960p_firmware *
netgear rs400_firmware *
netgear r8000p_firmware *
netgear r6900p_firmware *
CVE-2021-45607 MEDIUM

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, RAX200 before 1.0.5.126, RAX75 before 1.0.5.126, and RAX80 before 1.0.5.126.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear rax75_firmware *
netgear rax80_firmware *
netgear r7000_firmware *
netgear r7000p_firmware *
netgear r6400v2_firmware *
netgear r6900p_firmware *
netgear rax200_firmware *
netgear r6700v3_firmware *
CVE-2021-45608 HIGH

Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface (TCP port 20005) cannot be ruled out; however, exploitability was judged to be of "rather significant complexity" but not "impossible." The overflow is in SoftwareBus_dispatchNormalEPMsgOut in the KCodes NetUSB kernel module. Affected NETGEAR devices are D7800 before 1.0.1.68, R6400v2 before 1.0.4.122, and R6700v3 before 1.0.4.122.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N 2.2 4.2
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear r6400v2_firmware *
netgear r6700v3_firmware *
CVE-2021-45609 HIGH

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6250 before 1.0.4.48, R7000 before 1.0.11.116, R7100LG before 1.0.0.64, R7900 before 1.0.4.38, R8300 before 1.0.2.144, R8500 before 1.0.2.144, XR300 before 1.0.3.68, R7000P before 1.3.2.132, and R6900P before 1.3.2.132.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r7000_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r7100lg_firmware *
netgear xr300_firmware *
netgear r8500_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2021-45610 HIGH

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.66, D6400 before 1.0.0.100, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.52, DGN2200v4 before 1.0.0.118, EAX80 before 1.0.1.64, R6250 before 1.0.4.48, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R7960P before 1.4.1.64, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, R6400v2 before 1.0.4.106, R7000P before 1.3.2.132, R8000P before 1.4.1.64, RAX20 before 1.0.2.82, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, R6700v3 before 1.0.4.106, R6900P before 1.3.2.132, R7900P before 1.4.1.64, RAX15 before 1.0.2.82, RAX50 before 1.0.2.82, and RAX75 before 1.0.3.106.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear d7000v2_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear dgn2200v4_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear r6400v2_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rax15_firmware *
netgear r6250_firmware *
netgear r6900p_firmware *
netgear rax45_firmware *
netgear rax80_firmware *
netgear d8500_firmware *
netgear xr300_firmware *
netgear dc112a_firmware *
netgear r6700v3_firmware *
netgear r7900_firmware *
netgear r7960p_firmware *
netgear rs400_firmware *
netgear r7100lg_firmware *
netgear eax80_firmware *
netgear r8000p_firmware *
CVE-2021-45611 HIGH

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects DC112A before 1.0.0.52, R6400 before 1.0.1.68, RAX200 before 1.0.3.106, WNDR3400v3 before 1.0.1.38, XR300 before 1.0.3.68, R8500 before 1.0.2.144, RAX75 before 1.0.3.106, R8300 before 1.0.2.144, and RAX80 before 1.0.3.106.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netgear rax75_firmware *
netgear rax80_firmware *
netgear r6400_firmware *
netgear xr300_firmware *
netgear dc112a_firmware *
netgear r8500_firmware *
netgear rax200_firmware *
netgear wndr3400v3_firmware *
netgear r8300_firmware *
CVE-2021-45612 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear lax20_firmware *
netgear r7850_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear r7000p_firmware *
netgear rax35v2_firmware *
netgear rax43_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear eax20_firmware *
netgear r6400v2_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear ms60_firmware *
netgear ex7500_firmware *
netgear rax15_firmware *
netgear r6900p_firmware *
netgear cbr750_firmware *
netgear rax45_firmware *
netgear cbr40_firmware *
netgear rax40v2_firmware *
netgear rax80_firmware *
netgear xr300_firmware *
netgear xr1000_firmware *
netgear rbs750_firmware *
netgear r6700v3_firmware *
netgear r7900_firmware *
netgear mr60_firmware *
netgear r7960p_firmware *
netgear rs400_firmware *
netgear rbs850_firmware *
netgear eax80_firmware *
netgear r8000p_firmware *
netgear mk62_firmware *
CVE-2021-45613 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, MR80 before 1.1.2.20, MS80 before 1.1.2.20, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear lax20_firmware *
netgear d7000v2_firmware *
netgear rax20_firmware *
netgear rax35v2_firmware *
netgear rax43_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear ms60_firmware *
netgear rax15_firmware *
netgear mr80_firmware *
netgear cbr750_firmware *
netgear rax45_firmware *
netgear cbr40_firmware *
netgear rax40v2_firmware *
netgear rax80_firmware *
netgear xr1000_firmware *
netgear rbs750_firmware *
netgear ms80_firmware *
netgear mr60_firmware *
netgear rbs850_firmware *
netgear mk62_firmware *
CVE-2021-45614 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear lax20_firmware *
netgear rax40v2_firmware *
netgear rax80_firmware *
netgear d7000v2_firmware *
netgear rax20_firmware *
netgear rax35v2_firmware *
netgear rax43_firmware *
netgear rbk852_firmware *
netgear xr1000_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear mr60_firmware *
netgear ms60_firmware *
netgear rax15_firmware *
netgear rbs850_firmware *
netgear rax45_firmware *
netgear mk62_firmware *
CVE-2021-45615 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear r7900p_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbk752_firmware *
netgear r7960p_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
netgear r8500_firmware *
netgear cbr750_firmware *
netgear r8300_firmware *
CVE-2021-45616 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear lax20_firmware *
netgear r7850_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear r7000p_firmware *
netgear rax35v2_firmware *
netgear rax43_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear ms60_firmware *
netgear rax15_firmware *
netgear r6900p_firmware *
netgear cbr750_firmware *
netgear rax45_firmware *
netgear rax40v2_firmware *
netgear rax80_firmware *
netgear xr1000_firmware *
netgear rbs750_firmware *
netgear r7900_firmware *
netgear mr60_firmware *
netgear r7960p_firmware *
netgear rs400_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
netgear mk62_firmware *
CVE-2021-45617 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX7500 before 1.0.0.72, R6400 before 1.0.1.68, R6900P before 1.3.2.132, R7000 before 1.0.11.116, R7000P before 1.3.2.132, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, MK62 before 1.0.6.110, MR60 before 1.0.6.110, R6400v2 before 1.0.4.106, R8000P before 1.4.1.66, RAX20 before 1.0.2.64, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, R6700v3 before 1.0.4.106, R7900P before 1.4.1.66, RAX15 before 1.0.2.64, RAX50 before 1.0.2.82, RAX75 before 1.0.3.106, RBR750 before 3.2.16.22, RBR850 before 3.2.16.22, RBS750 before 3.2.16.22, RBS850 before 3.2.16.22, RBK752 before 3.2.16.22, and RBK852 before 3.2.16.22.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7000_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear r7000p_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear eax20_firmware *
netgear r6400v2_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear ms60_firmware *
netgear ex7500_firmware *
netgear r6400_firmware *
netgear rax15_firmware *
netgear r6900p_firmware *
netgear rax45_firmware *
netgear cbr40_firmware *
netgear rax80_firmware *
netgear xr300_firmware *
netgear rbs750_firmware *
netgear r6700v3_firmware *
netgear r7900_firmware *
netgear mr60_firmware *
netgear r7960p_firmware *
netgear rs400_firmware *
netgear rbs850_firmware *
netgear eax80_firmware *
netgear r8000p_firmware *
netgear mk62_firmware *
CVE-2021-45618 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear lbr20_firmware *
netgear rbs10_firmware *
netgear rax120_firmware *
netgear ex7300_firmware *
netgear ex7300v2_firmware *
netgear ex6420_firmware *
netgear rbr50_firmware *
netgear xr450_firmware *
netgear rbs20_firmware *
netgear rbk12_firmware *
netgear xr700_firmware *
netgear rbk40_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
netgear ex6150v2_firmware *
netgear ex6400v2_firmware *
netgear ex6410_firmware *
netgear ex8000_firmware *
netgear r7800_firmware *
netgear ex6250_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear ex6400_firmware *
netgear wnr2000v5_firmware *
netgear d7800_firmware *
netgear rbk50_firmware *
netgear ex6200v2_firmware *
netgear rbk20_firmware *
netgear ex7700_firmware *
netgear ex6100v2_firmware *
netgear r8900_firmware *
netgear ex7320_firmware *
CVE-2021-45619 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RBS50Y before 2.7.3.22, WNR2000v5 before 1.0.0.76, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, RAX10 before 1.0.2.88, RAX120 before 1.2.0.16, RAX70 before 1.0.2.88, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, R6700AX before 1.0.2.88, RAX120v2 before 1.2.0.16, RAX78 before 1.0.2.88, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR350 before 4.3.4.7, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS350 before 4.3.4.7, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK352 before 4.3.4.7, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r6700ax_firmware *
netgear rbs50_firmware *
netgear lbr20_firmware *
netgear rax10_firmware *
netgear rbs10_firmware *
netgear rax78_firmware *
netgear rax120_firmware *
netgear ex7300_firmware *
netgear ex7300v2_firmware *
netgear ex6420_firmware *
netgear rbr50_firmware *
netgear rbs350_firmware *
netgear rbs20_firmware *
netgear rbk12_firmware *
netgear rax70_firmware *
netgear xr700_firmware *
netgear rbk40_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
netgear ex6150v2_firmware *
netgear ex6400v2_firmware *
netgear ex6410_firmware *
netgear ex8000_firmware *
netgear r7800_firmware *
netgear ex6250_firmware *
netgear r9000_firmware *
netgear ex6400_firmware *
netgear wnr2000v5_firmware *
netgear rbk50_firmware *
netgear ex6200v2_firmware *
netgear rax120v2_firmware *
netgear rbr350_firmware *
netgear lbr1020_firmware *
netgear rbk20_firmware *
netgear ex7700_firmware *
netgear ex6100v2_firmware *
netgear rbk352_firmware *
netgear r8900_firmware *
netgear ex7320_firmware *
CVE-2021-45620 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MR80 before 1.1.2.20, MS60 before 1.0.6.116, MS80 before 1.1.2.20, MK62 before 1.0.6.116, MK83 before 1.1.2.20, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear lax20_firmware *
netgear r7850_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear r7000p_firmware *
netgear rax35v2_firmware *
netgear rax43_firmware *
netgear rbk852_firmware *
netgear mk83_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear eax20_firmware *
netgear r6400v2_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear ms60_firmware *
netgear r6400_firmware *
netgear rax15_firmware *
netgear mr80_firmware *
netgear r6900p_firmware *
netgear cbr750_firmware *
netgear rax45_firmware *
netgear cbr40_firmware *
netgear rax40v2_firmware *
netgear rax80_firmware *
netgear xr300_firmware *
netgear xr1000_firmware *
netgear rbs750_firmware *
netgear r6700v3_firmware *
netgear ms80_firmware *
netgear r7900_firmware *
netgear mr60_firmware *
netgear r7960p_firmware *
netgear rs400_firmware *
netgear rbs850_firmware *
netgear eax80_firmware *
netgear r8000p_firmware *
netgear mk62_firmware *
CVE-2021-45621 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7850_firmware *
netgear r7000_firmware *
netgear rax20_firmware *
netgear rax43_firmware *
netgear r8000_firmware *
netgear eax20_firmware *
netgear r6400v2_firmware *
netgear rax200_firmware *
netgear rax75_firmware *
netgear ms60_firmware *
netgear r6400_firmware *
netgear rax15_firmware *
netgear ex6120_firmware *
netgear r8500_firmware *
netgear r6900p_firmware *
netgear cbr750_firmware *
netgear r8300_firmware *
netgear rax40v2_firmware *
netgear rax80_firmware *
netgear xr300_firmware *
netgear r7900_firmware *
netgear rs400_firmware *
netgear ex3700_firmware *
netgear eax80_firmware *
netgear lax20_firmware *
netgear r7900p_firmware *
netgear r7000p_firmware *
netgear rax35v2_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear ex3800_firmware *
netgear rax50_firmware *
netgear rbk752_firmware *
netgear ex7500_firmware *
netgear rax45_firmware *
netgear cbr40_firmware *
netgear ex6130_firmware *
netgear ex7000_firmware *
netgear xr1000_firmware *
netgear rbs750_firmware *
netgear r6700v3_firmware *
netgear r6300v2_firmware *
netgear mr60_firmware *
netgear r7960p_firmware *
netgear r7100lg_firmware *
netgear rbs850_firmware *
netgear r8000p_firmware *
CVE-2021-45622 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400 before 1.0.1.70, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear lax20_firmware *
netgear r7850_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear r7000p_firmware *
netgear rax35v2_firmware *
netgear rax43_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear eax20_firmware *
netgear r6400v2_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear ms60_firmware *
netgear ex7500_firmware *
netgear r6400_firmware *
netgear rax15_firmware *
netgear r6900p_firmware *
netgear cbr750_firmware *
netgear rax45_firmware *
netgear cbr40_firmware *
netgear rax40v2_firmware *
netgear rax80_firmware *
netgear xr300_firmware *
netgear xr1000_firmware *
netgear rbs750_firmware *
netgear r6700v3_firmware *
netgear r7900_firmware *
netgear mr60_firmware *
netgear r7960p_firmware *
netgear rs400_firmware *
netgear rbs850_firmware *
netgear eax80_firmware *
netgear r8000p_firmware *
netgear mk62_firmware *
CVE-2021-45623 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R7800 before 1.0.2.74, R9000 before 1.0.5.2, and XR500 before 2.3.2.66.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 2.8 5.5

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7800_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
CVE-2021-45624 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R8000 before 1.0.4.62, XR300 before 1.0.3.56, R7000P before 1.3.2.132, R8500 before 1.0.2.144, R6900P before 1.3.2.132, and R8300 before 1.0.2.144.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear d7000v2_firmware *
netgear r7000_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear r7100lg_firmware *
netgear xr300_firmware *
netgear r8000_firmware *
netgear r8500_firmware *
netgear r6900p_firmware *
netgear r8300_firmware *
CVE-2021-45625 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects XR300 before 1.0.3.68, R7000P before 1.3.3.140, and R6900P before 1.3.3.140.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear r7000p_firmware *
netgear xr300_firmware *
netgear r6900p_firmware *
CVE-2021-45626 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK20 before 2.6.1.36, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, and RBS50Y before 2.6.1.40.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
CVE-2021-45627 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear cbr750_firmware *
CVE-2021-45628 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBS40V before 2.6.2.4, and RBW30 before 2.6.2.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbs40v_firmware 2.6.2.4
netgear rbk752_firmware *
netgear rbw30_firmware *
netgear rbs40v_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear cbr750_firmware *
CVE-2021-45629 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear cbr750_firmware *
CVE-2021-45630 HIGH

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear cbr750_firmware *
CVE-2021-45631 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear cbr750_firmware *
CVE-2021-45632 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear cbr750_firmware *
CVE-2021-45633 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and RBK852 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear cbr750_firmware *
CVE-2021-45634 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear cbr750_firmware *
CVE-2021-45635 MEDIUM

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear rbk752_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear cbr750_firmware *
CVE-2021-45636 MEDIUM

NETGEAR D7000 devices before 1.0.1.82 are affected by a stack-based buffer overflow by an unauthenticated attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7000_firmware *
CVE-2021-45637 HIGH

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6260 before 1.1.0.76, R6800 before 1.2.0.62, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, and AC2600 before 1.2.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 2.8 5.5
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear r6900v2_firmware *
netgear r6260_firmware *
netgear ac2600_firmware *
netgear r6700v2_firmware *
netgear ac2100_firmware *
netgear r7450_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
CVE-2021-45638 HIGH

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.74, D8500 before 1.0.3.60, DC112A before 1.0.0.56, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R7000 before 1.0.11.116, R7100LG before 1.0.0.70, RBS40V before 2.6.2.8, RBW30 before 2.6.2.2, RS400 before 1.5.1.80, R7000P before 1.3.2.132, and R6900P before 1.3.2.132.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear d7000v2_firmware *
netgear r7000_firmware *
netgear d6220_firmware *
netgear rbw30_firmware *
netgear r7000p_firmware *
netgear d8500_firmware *
netgear rbs40v_firmware *
netgear dc112a_firmware *
netgear d6400_firmware *
netgear r6300v2_firmware *
netgear r6400_firmware *
netgear rs400_firmware *
netgear r7100lg_firmware *
netgear r6900p_firmware *
CVE-2021-45639 MEDIUM

Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.72, R7000 before 1.0.11.110, R7900 before 1.0.4.30, R7960P before 1.4.1.66, R8000 before 1.0.4.62, RAX200 before 1.0.2.102, XR300 before 1.0.3.50, EX3700 before 1.0.0.90, MR60 before 1.0.5.102, R7000P before 1.3.2.126, R8000P before 1.4.1.66, RAX20 before 1.0.1.64, RAX50 before 1.0.2.28, RAX80 before 1.0.3.102, EX3800 before 1.0.0.90, MS60 before 1.0.5.102, R6900P before 1.3.2.126, R7900P before 1.4.1.66, RAX15 before 1.0.1.64, RAX45 before 1.0.2.28, RAX75 before 1.0.3.102, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
cve@mitre.org 5.2 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.1 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r7000_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear r7000p_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear eax20_firmware *
netgear ex3800_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear ms60_firmware *
netgear ex7500_firmware *
netgear rax15_firmware *
netgear ex6120_firmware *
netgear r6900p_firmware *
netgear rax45_firmware *
netgear cbr40_firmware *
netgear rax80_firmware *
netgear ex6130_firmware *
netgear ex7000_firmware *
netgear xr300_firmware *
netgear rbs750_firmware *
netgear r7900_firmware *
netgear mr60_firmware *
netgear r7960p_firmware *
netgear ex3700_firmware *
netgear rbs850_firmware *
netgear eax80_firmware *
netgear r8000p_firmware *
CVE-2021-45640 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBK40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR20 before 2.3.0.28, RBR40 before 2.3.0.28, RBR50 before 2.3.0.32, RBS20 before 2.3.0.28, RBS40 before 2.3.0.28, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.56, and XR500 before 2.3.2.56.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 3.9 LOW CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L 0.5 3.4
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6230_firmware *
netgear d7000v2_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r6400v2_firmware *
netgear wndr3400v3_firmware *
netgear rbr50_firmware *
netgear r6400_firmware *
netgear ex6120_firmware *
netgear rbr40_firmware *
netgear r6250_firmware *
netgear rbr20_firmware *
netgear r7500v2_firmware *
netgear d8500_firmware *
netgear d6000_firmware *
netgear wnr2000v5_firmware *
netgear d7800_firmware *
netgear rbk20_firmware *
netgear ex3700_firmware *
netgear r8900_firmware *
netgear rbs40_firmware *
netgear wnr3500lv2_firmware *
netgear rbs50_firmware *
netgear d7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear dgn2200v4_firmware *
netgear d6400_firmware *
netgear ex3800_firmware *
netgear xr450_firmware *
netgear rbs20_firmware *
netgear dgn2200bv4_firmware *
netgear wn3000rpv2_firmware *
netgear rbk40_firmware *
netgear pr2000_firmware *
netgear ex6130_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear dc112a_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear r6700v3_firmware *
netgear r6300v2_firmware *
netgear rbk50_firmware *
netgear d6200_firmware *
netgear d3600_firmware *
netgear dm200_firmware *
netgear r7100lg_firmware *
netgear r8000p_firmware *
netgear r6220_firmware *
netgear wnr2020_firmware *
CVE-2021-45641 MEDIUM

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R6700 before 1.0.2.6, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.56.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 4.6 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.1 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6230_firmware *
netgear d7000v2_firmware *
netgear r6900_firmware *
netgear r7000_firmware *
netgear r6400v2_firmware *
netgear wndr3400v3_firmware *
netgear rbr50_firmware *
netgear r6400_firmware *
netgear ex6120_firmware *
netgear rbr40_firmware *
netgear r6250_firmware *
netgear rbr20_firmware *
netgear r7500v2_firmware *
netgear d8500_firmware *
netgear d6000_firmware *
netgear wnr2000v5_firmware *
netgear d7800_firmware *
netgear rbk20_firmware *
netgear ex3700_firmware *
netgear r8900_firmware *
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear d7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear dgn2200v4_firmware *
netgear d6400_firmware *
netgear ex3800_firmware *
netgear rbs20_firmware *
netgear dgn2200bv4_firmware *
netgear wn3000rpv2_firmware *
netgear rbk40_firmware *
netgear pr2000_firmware *
netgear ex6130_firmware *
netgear ex7000_firmware *
netgear r6700_firmware *
netgear dc112a_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear r6700v3_firmware *
netgear r6300v2_firmware *
netgear rbk50_firmware *
netgear d6200_firmware *
netgear d3600_firmware *
netgear dm200_firmware *
netgear r7100lg_firmware *
netgear r8000p_firmware *
netgear r6220_firmware *
netgear wnr2020_firmware *
CVE-2021-45642 HIGH

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000 before 1.0.5.26, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.36, EX7320 before 1.0.0.134, RAX120 before 1.2.2.24, EX7300v2 before 1.0.0.134, RAX120v2 before 1.2.2.24, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.5 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L 1.7 5.3
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear lbr20_firmware *
netgear rbs10_firmware *
netgear rax120_firmware *
netgear ex7300v2_firmware *
netgear ex6420_firmware *
netgear rbr50_firmware *
netgear xr450_firmware *
netgear rbs20_firmware *
netgear rbk12_firmware *
netgear xr700_firmware *
netgear rbk40_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
netgear ex6400v2_firmware *
netgear ex6410_firmware *
netgear ex6250_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear d7800_firmware *
netgear rbk50_firmware *
netgear rax120v2_firmware *
netgear rbk20_firmware *
netgear ex7700_firmware *
netgear r8900_firmware *
netgear ex7320_firmware *
CVE-2021-45643 LOW

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, and XR1000 before 1.0.0.58.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N 2.8 4.7
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear xr1000_firmware *
netgear r6400v2_firmware *
netgear r6700v3_firmware *
CVE-2021-45644 HIGH

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r6900v2_firmware *
netgear r6260_firmware *
netgear r6230_firmware *
netgear r6330_firmware *
netgear r6700v2_firmware *
netgear r7400_firmware *
netgear ac2100_firmware *
netgear r7450_firmware *
netgear r6350_firmware *
netgear r7350_firmware *
netgear r7200_firmware *
netgear r6850_firmware *
netgear ac2600_firmware *
netgear r6220_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
CVE-2021-45645 HIGH

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects RBS50Y before 2.7.0.122, SRK60 before 2.7.0.122, SRR60 before 2.7.0.122, SRS60 before 2.7.0.122, SXK30 before 3.2.33.108, SXR30 before 3.2.33.108, SXS30 before 3.2.33.108, and SRC60 before 2.7.0.122.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N 2.8 4.7
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear sxk30_firmware *
netgear srs60_firmware *
netgear src60_firmware *
netgear srr60_firmware *
netgear rbs50y_firmware *
netgear sxs30_firmware *
netgear srk60_firmware *
netgear sxr30_firmware *
CVE-2021-45646 MEDIUM

NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
cve@mitre.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear r7000_firmware *
CVE-2021-45647 MEDIUM

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.68, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear r6230_firmware *
netgear r7400_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear r7000p_firmware *
netgear r7450_firmware *
netgear r8000_firmware *
netgear rax200_firmware *
netgear r6220_firmware 1.1.0.110
netgear r6350_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear r7200_firmware *
netgear r6850_firmware *
netgear rax15_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear r6900p_firmware *
netgear rax45_firmware *
netgear r6900v2_firmware *
netgear rax80_firmware *
netgear r6330_firmware *
netgear r6700v2_firmware *
netgear ex7000_firmware *
netgear ac2100_firmware *
netgear r7900_firmware *
netgear r7350_firmware *
netgear ac2600_firmware *
netgear r7960p_firmware *
netgear eax80_firmware *
netgear r8000p_firmware *
netgear r6120_firmware *
CVE-2021-45648 MEDIUM

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 3.1 LOW CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 1.6 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear ex6150v2_firmware *
netgear ex6400v2_firmware *
netgear ex6410_firmware *
netgear lbr20_firmware *
netgear ex6250_firmware *
netgear ex6400_firmware *
netgear ex7300_firmware *
netgear ex7300v2_firmware *
netgear ex6420_firmware *
netgear rbr50_firmware *
netgear rbs350_firmware *
netgear rbk50_firmware *
netgear rbr350_firmware *
netgear lbr1020_firmware *
netgear ex7700_firmware *
netgear ex6100v2_firmware *
netgear rbk352_firmware *
netgear ex7320_firmware *
CVE-2021-45649 LOW

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R7000 before 1.0.11.126, R6900P before 1.3.2.126, and R7000P before 1.3.2.126.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
cve@mitre.org 7.9 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 1.5 5.8

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear r7000_firmware *
netgear r7000p_firmware *
netgear r6400v2_firmware *
netgear r6900p_firmware *
netgear r6700v3_firmware *
CVE-2021-45650 MEDIUM

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RS400 before 1.5.1.80, R6400v2 before 1.0.4.102, R7000P before 1.3.2.126, R6700v3 before 1.0.4.102, and R6900P before 1.3.2.126.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
cve@mitre.org 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear r7000_firmware *
netgear r7000p_firmware *
netgear rs400_firmware *
netgear r8000_firmware *
netgear r6400v2_firmware *
netgear r6900p_firmware *
netgear r6700v3_firmware *
CVE-2021-45651 MEDIUM

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK50 before 2.7.3.22, RBR50 before 2.7.3.22, and RBS50 before 2.7.3.22.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.4 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.4 5.9
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
CVE-2021-45652 MEDIUM

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear rbs350_firmware *
netgear rbr350_firmware *
netgear rbk352_firmware *
CVE-2021-45653 MEDIUM

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
cve@mitre.org 3.9 LOW CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.3 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear rbs350_firmware *
netgear rbr350_firmware *
netgear rbk352_firmware *
CVE-2021-45654 MEDIUM

NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
netgear xr1000_firmware *
CVE-2021-45655 MEDIUM

NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cve@mitre.org 6.9 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H 1.7 4.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear r6400_firmware *
CVE-2021-45656 MEDIUM

Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r6260_firmware *
netgear rbs50_firmware *
netgear r6230_firmware *
netgear d7000_firmware *
netgear r6900_firmware *
netgear r6080_firmware *
netgear r7450_firmware *
netgear r6020_firmware *
netgear rbr50_firmware *
netgear rbs20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
netgear r6050_firmware *
netgear ac2100_firmware *
netgear r6700_firmware *
netgear rbk50_firmware *
netgear d6200_firmware *
netgear ac2600_firmware *
netgear rbk20_firmware *
netgear r6220_firmware *
netgear r6120_firmware *
CVE-2021-45657 MEDIUM

Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, RBS50Y before 2.6.1.40, and WNR2020 before 1.1.0.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear r6260_firmware *
netgear rbs50_firmware *
netgear r6230_firmware *
netgear d7000_firmware *
netgear r6080_firmware *
netgear r7450_firmware *
netgear r6020_firmware *
netgear rbr50_firmware *
netgear rbs20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear jr6150_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
netgear r6900v2_firmware *
netgear r6050_firmware *
netgear r6700v2_firmware *
netgear ac2100_firmware *
netgear rbk50_firmware *
netgear d6200_firmware *
netgear ac2600_firmware *
netgear rbk20_firmware *
netgear r6220_firmware *
netgear wnr2020_firmware *
netgear r6120_firmware *
CVE-2021-45658 HIGH

Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6100v2 before 1.0.1.86, EX6200v2 before 1.0.1.78, EX6250 before 1.0.0.110, EX6410 before 1.0.0.110, EX6420 before 1.0.0.110, EX6400v2 before 1.0.0.110, EX7300 before 1.0.2.144, EX6400 before 1.0.2.144, EX7320 before 1.0.0.110, EX7300v2 before 1.0.0.110, R7500v2 before 1.0.3.48, R7800 before 1.0.2.68, R8900 before 1.0.5.2, R9000 before 1.0.5.2, RAX120 before 1.0.1.90, RBK40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, RBS50Y before 2.6.1.40, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.80, WNR2000v5 before 1.0.0.72, XR500 before 2.3.2.56, and XR700 before 1.0.1.20.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear rbs50_firmware *
netgear wn3000rpv3_firmware *
netgear rax120_firmware *
netgear ex7300_firmware *
netgear ex7300v2_firmware *
netgear ex6420_firmware *
netgear rbr50_firmware *
netgear rbs20_firmware *
netgear xr700_firmware *
netgear wn3000rpv2_firmware *
netgear rbk40_firmware *
netgear ex2700_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
netgear ex6150v2_firmware *
netgear ex6400v2_firmware *
netgear ex6410_firmware *
netgear r7500v2_firmware *
netgear r7800_firmware *
netgear ex6250_firmware *
netgear xr500_firmware *
netgear r9000_firmware *
netgear ex6400_firmware *
netgear wnr2000v5_firmware *
netgear d7800_firmware *
netgear rbk50_firmware *
netgear ex6200v2_firmware *
netgear dm200_firmware *
netgear rbk20_firmware *
netgear ex6100v2_firmware *
netgear r8900_firmware *
netgear ex7320_firmware *
CVE-2021-45659 MEDIUM

Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cve@mitre.org 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
CVE-2021-45660 MEDIUM

Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
CVE-2021-45661 MEDIUM

Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbr50_firmware *
netgear rbk50_firmware *
netgear rbs50_firmware *
netgear rbs20_firmware *
netgear rbk20_firmware *
netgear rbk40_firmware *
netgear rbr40_firmware *
netgear rbs50y_firmware *
netgear rbr20_firmware *
CVE-2021-45662 LOW

NETGEAR R7000 devices before 1.0.9.88 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r7000_firmware *
CVE-2021-45663 LOW

NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r7000_firmware *
CVE-2021-45664 LOW

NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N 0.4 4.7
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r7000_firmware *
CVE-2021-45665 LOW

Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L 0.7 5.3

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear ex6130_firmware *
netgear rbw30_firmware *
netgear rbs40v_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear eax20_firmware *
netgear ex3800_firmware *
netgear rbk752_firmware *
netgear ex7500_firmware *
netgear ex6120_firmware *
netgear ex3700_firmware *
netgear rbs850_firmware *
netgear eax80_firmware *
CVE-2021-45666 LOW

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L 0.7 5.3

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear ex6130_firmware *
netgear rbw30_firmware *
netgear rbs40v_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear ex3800_firmware *
netgear rbk752_firmware *
netgear ex7500_firmware *
netgear ex6120_firmware *
netgear ex3700_firmware *
netgear rbs850_firmware *
netgear eax80_firmware *
CVE-2021-45667 LOW

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R8000P before 1.4.1.66, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L 0.7 5.3

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r7900p_firmware *
netgear rax20_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear eax20_firmware *
netgear ex3800_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear ms60_firmware *
netgear ex7500_firmware *
netgear rax15_firmware *
netgear ex6120_firmware *
netgear rax45_firmware *
netgear cbr40_firmware *
netgear rax80_firmware *
netgear ex6130_firmware *
netgear rbw30_firmware *
netgear rbs40v_firmware *
netgear rbs750_firmware *
netgear mr60_firmware *
netgear r7960p_firmware *
netgear ex3700_firmware *
netgear rbs850_firmware *
netgear eax80_firmware *
netgear r8000p_firmware *
CVE-2021-45668 LOW

Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L 0.7 5.3

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rax80_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear ex6130_firmware *
netgear eax20_firmware *
netgear ex3800_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear ex7500_firmware *
netgear rax15_firmware *
netgear ex6120_firmware *
netgear r7960p_firmware *
netgear ex3700_firmware *
netgear eax80_firmware *
netgear r8000p_firmware *
netgear rax45_firmware *
CVE-2021-45669 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 3.7 LOW CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N 0.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rax80_firmware *
netgear rax20_firmware *
netgear rbk852_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear mr60_firmware *
netgear ms60_firmware *
netgear rax15_firmware *
netgear rbs850_firmware *
netgear rax45_firmware *
CVE-2021-45670 LOW

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7000 before 1.0.11.116, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R7000P before 1.3.2.126, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R6900P before 1.3.2.126, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L 0.7 5.3
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r7000_firmware *
netgear rax20_firmware *
netgear r7000p_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear eax20_firmware *
netgear ex3800_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear ms60_firmware *
netgear ex7500_firmware *
netgear rax15_firmware *
netgear ex6120_firmware *
netgear r6900p_firmware *
netgear rax45_firmware *
netgear cbr40_firmware *
netgear rax80_firmware *
netgear ex6130_firmware *
netgear rbw30_firmware *
netgear rbs40v_firmware *
netgear rbs750_firmware *
netgear r7900_firmware *
netgear mr60_firmware *
netgear ex3700_firmware *
netgear rbs850_firmware *
netgear eax80_firmware *
CVE-2021-45671 LOW

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.62, EX7500 before 1.0.0.72, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.4.120, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.4.120, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.4.120, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L 0.7 5.3

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear cbr40_firmware *
netgear rax80_firmware *
netgear rax20_firmware *
netgear rbw30_firmware *
netgear rbs40v_firmware *
netgear rbk852_firmware *
netgear r8000_firmware *
netgear rbr850_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rax200_firmware *
netgear r7900_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rbk752_firmware *
netgear mr60_firmware *
netgear ms60_firmware *
netgear ex7500_firmware *
netgear rax15_firmware *
netgear rbs850_firmware *
netgear eax80_firmware *
netgear rax45_firmware *
CVE-2021-45672 LOW

Certain NETGEAR devices are affected by Stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.1 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r6900v2_firmware *
netgear r6260_firmware *
netgear r6230_firmware *
netgear d7000_firmware *
netgear r6080_firmware *
netgear r6700v2_firmware *
netgear r7400_firmware *
netgear ac2100_firmware *
netgear rax40_firmware *
netgear r7450_firmware *
netgear r6020_firmware *
netgear r7350_firmware *
netgear d6200_firmware *
netgear r7200_firmware *
netgear r6850_firmware *
netgear ac2600_firmware *
netgear r6220_firmware *
netgear r6800_firmware *
netgear ac2400_firmware *
netgear r6120_firmware *
CVE-2021-45673 LOW

Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, R7000P before 1.3.3.140, RAX80 before 1.0.3.106, R6900P before 1.3.3.140, and RAX75 before 1.0.3.106.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear rax75_firmware *
netgear rax80_firmware *
netgear r7000_firmware *
netgear r7000p_firmware *
netgear r8000_firmware *
netgear r6900p_firmware *
netgear rax200_firmware *
CVE-2021-45674 LOW

Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 3.2 LOW CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N 0.2 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r7900_firmware *
netgear rax75_firmware *
netgear rax80_firmware *
netgear r7000_firmware *
netgear rax15_firmware *
netgear rax20_firmware *
netgear r8000_firmware *
netgear rax200_firmware *
CVE-2021-45675 LOW

Certain NETGEAR devices are affected by stored XSS. This affects R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6700v2 before 1.2.0.76, R6900v2 before 1.2.0.76, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, and AC2600 before 1.2.0.76.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.8 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N 0.6 4.7
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear r6900v2_firmware *
netgear r6260_firmware *
netgear r6330_firmware *
netgear r6700v2_firmware *
netgear r7400_firmware *
netgear ac2100_firmware *
netgear r7450_firmware *
netgear r6350_firmware *
netgear r7350_firmware *
netgear r7200_firmware *
netgear r6850_firmware *
netgear ac2600_firmware *
netgear ac2400_firmware 1.2.0.76
netgear r6800_firmware *
netgear r6120_firmware *
CVE-2021-45676 LOW

Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
cve@mitre.org 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.2 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear rax75_firmware *
netgear rax80_firmware *
netgear rax15_firmware *
netgear rax20_firmware *
netgear rax200_firmware *
CVE-2021-45677 MEDIUM

Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.2 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.1 2.7
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear gs110tp_firmware *
netgear gs108t_firmware *
CVE-2021-45678 HIGH

NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear rax200_firmware *
CVE-2021-45679 MEDIUM

Certain NETGEAR devices are affected by privilege escalation. This affects R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, and RS400 before 1.5.1.80.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r7000_firmware *
netgear r7000p_firmware *
netgear rs400_firmware *
netgear r6900p_firmware *
CVE-2021-45732 MEDIUM

Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
netgear r6700_firmware 1.0.4.120
CVE-2021-46382 MEDIUM

Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear wac120_ac_firmware -
CVE-2022-24655 HIGH

A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netgear ex6200_firmware *
netgear cax80_firmware 2.1.2.6
netgear ex6100_firmware 201.0.2.28
netgear dc112a_firmware 1.0.0.62
CVE-2022-27641

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
netgear d7800_firmware *
netgear ex8000_firmware *
netgear r6230_firmware *
netgear ex6200_firmware *
netgear r7000_firmware *
netgear r6400_firmware *
netgear r7800_firmware *
netgear r6700_firmware *
netgear r6220_firmware *
CVE-2022-27642

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
netgear lax20_firmware *
netgear rax42_firmware *
netgear r7850_firmware *
netgear rax38_firmware *
netgear rax48_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear r7000p_firmware *
netgear rax43_firmware *
netgear r8000_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rax50s_firmware *
netgear ms60_firmware *
netgear r6400_firmware *
netgear rax15_firmware *
netgear mr80_firmware *
netgear r8500_firmware *
netgear r6900p_firmware *
netgear rax45_firmware *
netgear rax80_firmware *
netgear cax80_firmware *
netgear rax40_firmware *
netgear r6700_firmware *
netgear ms80_firmware *
netgear mr60_firmware *
netgear rax35_firmware *
netgear r7960p_firmware *
netgear rs400_firmware *
netgear r7100lg_firmware *
netgear r8000p_firmware *
CVE-2022-27643

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
netgear r7850_firmware *
netgear d7000v2_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear d6220_firmware *
netgear r7000p_firmware *
netgear wnr3500l_firmware *
netgear r8000_firmware *
netgear d6400_firmware *
netgear ex3800_firmware *
netgear rax200_firmware *
netgear rax75_firmware *
netgear r6400_firmware *
netgear wndr3400_firmware *
netgear ex6120_firmware *
netgear r8500_firmware *
netgear r6900p_firmware *
netgear rax80_firmware *
netgear ex6130_firmware *
netgear xr300_firmware *
netgear r6700_firmware *
netgear dc112a_firmware *
netgear r7960p_firmware *
netgear rs400_firmware *
netgear r7100lg_firmware *
netgear ex3700_firmware *
netgear r8000p_firmware *
CVE-2022-27644

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear r7850_firmware *
netgear r7000_firmware *
netgear lbr20_firmware *
netgear r7000p_firmware *
netgear r8000_firmware *
netgear rbs10_firmware *
netgear rax200_firmware *
netgear rbr50_firmware *
netgear rax75_firmware *
netgear r6400_firmware *
netgear rbs20_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear r6900p_firmware *
netgear rbr20_firmware *
netgear cbr40_firmware *
netgear rax80_firmware *
netgear r6700_firmware *
netgear r7960p_firmware *
netgear lbr1020_firmware *
netgear rs400_firmware *
netgear r8000p_firmware *
CVE-2022-27645

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
netgear lax20_firmware *
netgear rax42_firmware *
netgear r7850_firmware *
netgear rax38_firmware *
netgear rax48_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear rax43_firmware *
netgear rax40_firmware *
netgear r6700_firmware *
netgear r8000_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rax50s_firmware *
netgear r6400_firmware *
netgear rax15_firmware *
netgear rax35_firmware *
netgear r7960p_firmware *
netgear r8000p_firmware *
netgear r8500_firmware *
netgear rax45_firmware *
CVE-2022-27646

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
netgear rbs40_firmware *
netgear rbs50_firmware *
netgear r7850_firmware *
netgear r7000_firmware *
netgear lbr20_firmware *
netgear r7000p_firmware *
netgear r8000_firmware *
netgear rbs10_firmware *
netgear rax200_firmware *
netgear rbr50_firmware *
netgear rax75_firmware *
netgear r6400_firmware *
netgear rbs20_firmware *
netgear rbr10_firmware *
netgear rbr40_firmware *
netgear r6900p_firmware *
netgear rbr20_firmware *
netgear cbr40_firmware *
netgear rax80_firmware *
netgear r6700_firmware *
netgear r7960p_firmware *
netgear lbr1020_firmware *
netgear rs400_firmware *
netgear r8000p_firmware *
CVE-2022-27647

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
netgear lax20_firmware *
netgear rax42_firmware *
netgear r7850_firmware *
netgear rax38_firmware *
netgear rax48_firmware *
netgear r7000_firmware *
netgear r7900p_firmware *
netgear rax20_firmware *
netgear r7000p_firmware *
netgear rax43_firmware *
netgear r8000_firmware *
netgear rax200_firmware *
netgear rax50_firmware *
netgear rax75_firmware *
netgear rax50s_firmware *
netgear ms60_firmware *
netgear r6400_firmware *
netgear rax15_firmware *
netgear mr80_firmware *
netgear r8500_firmware *
netgear r6900p_firmware *
netgear rax45_firmware *
netgear rax80_firmware *
netgear cax80_firmware *
netgear rax40_firmware *
netgear r6700_firmware *
netgear ms80_firmware *
netgear mr60_firmware *
netgear rax35_firmware *
netgear r7960p_firmware *
netgear rs400_firmware *
netgear r7100lg_firmware *
netgear r8000p_firmware *
CVE-2022-27945 HIGH

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.158
CVE-2022-27946 HIGH

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.158
CVE-2022-27947 HIGH

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.158
CVE-2022-29383 HIGH

NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
netgear ssl312_firmware fvs336gv3
netgear ssl312_firmware fvs336gv2
CVE-2022-30078

NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
netgear r6300_firmware *
netgear r6200_firmware *
CVE-2022-30079

Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to modify values in the vulnerable parameter.

Products Affected

Vendor Product Version
netgear r6200 r6200v2-v1.0.3.12
CVE-2022-31876 MEDIUM

netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netgear wnap320_firmware 2.0.3
CVE-2022-31937

Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear wnr2000v4_firmware 1.0.0.70
CVE-2022-36429

A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
netgear rbs750_firmware 4.6.8.5
CVE-2022-37232

Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear wnr2000v4_firmware 1.0.0.70
CVE-2022-37234

Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
netgear r7000_firmware 1.0.11.134_10.2.119
CVE-2022-37235

Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear r7000_firmware 1.0.11.134_10.2.119
CVE-2022-37337

A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
netgear rbs750_firmware 4.6.8.5
CVE-2022-38452

A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
netgear rbs750_firmware 4.6.8.5
CVE-2022-38458

A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
netgear rbs750_firmware 4.6.8.5
CVE-2022-38955

An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the device or make the device DoS. This affects Firmware Version: 1.1.1_1.1.9.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
netgear wpn824ext_firmware 1.1.1_1.1.9
CVE-2022-38956

An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.1_1.1.9 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 1.6 3.6

Products Affected

Vendor Product Version
netgear wpn824ext_firmware *
CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and possibly others) authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transport security by default, this renders the administrative credentials vulnerable to eavesdropping by an adversary during every authenticated request made by a client to the router over a WLAN, or a LAN, should the adversary be able to perform a man-in-the-middle attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.4 MEDIUM CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
netgear c7800_firmware 6.01.07
CVE-2022-42221

Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
netgear r6220_firmware 1.1.0.114_1.0.1
CVE-2022-43654

NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the token parameter provided to the sso.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18227.

Products Affected

Vendor Product Version
netgear cax30_firmware *
netgear cax30s_firmware *
CVE-2022-4390

A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network.

Products Affected

Vendor Product Version
netgear ax2400_firmware *
CVE-2022-44184

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec.

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.0.8
CVE-2022-44186

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_pri.

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.1.64
CVE-2022-44187

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri.

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.0.8
CVE-2022-44188

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering.

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.0.8
CVE-2022-44190

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering.

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.1.64
CVE-2022-44191

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2.

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.1.64
CVE-2022-44193

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute , endhour, and endminute.

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.1.64
CVE-2022-44194

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec.

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.0.8
CVE-2022-44196

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1.

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.0.8
CVE-2022-44197

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.0.8
CVE-2022-44198

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1.

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.1.64
CVE-2022-44199

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.1.64
CVE-2022-44200

Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec.

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.1.64
netgear r7000p_firmware 1.3.0.8
CVE-2022-46422

An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.

Products Affected

Vendor Product Version
netgear wnr2000_firmware *
CVE-2022-46423

An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier.

Products Affected

Vendor Product Version
netgear wnr2000_firmware *
CVE-2022-46424

An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v0.4.1.1 and earlier.

Products Affected

Vendor Product Version
netgear xwn5001_firmware *
CVE-2022-47052

The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. A malicious unauthenticated attacker can exploit this vulnerability using a specially crafted URL. This affects firmware versions: V1.1.0.112_1.0.1, V1.1.0.114_1.0.1.

Products Affected

Vendor Product Version
netgear ac1200_r6220_firmware 1.1.0.114_1.0.1
netgear ac1200_r6220_firmware 1.1.0.112_1.0.1
CVE-2022-47208

The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication.

Products Affected

Vendor Product Version
netgear nighthawk_ax1800_firmware *
netgear nighthawk_ax11000_firmware *
netgear nighthawk_ax5400_firmware *
netgear nighthawk_ax2400_firmware *
netgear nighthawk_ax6000_firmware *
netgear nighthawk_ax3000_firmware *
CVE-2022-47209

A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2022-47210

The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2022-48176

Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.

Products Affected

Vendor Product Version
netgear mr60_firmware *
netgear ms60_firmware *
netgear r7000p_firmware *
netgear r7960p_firmware *
netgear r8000p_firmware *
netgear r6900p_firmware *
CVE-2022-48196

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.

Products Affected

Vendor Product Version
netgear r7000_firmware *
netgear rax35_firmware *
netgear r7000p_firmware *
netgear r7960p_firmware *
netgear rax40_firmware *
netgear r8000p_firmware *
netgear r6400v2_firmware *
netgear r6900p_firmware *
netgear r6700v3_firmware *
CVE-2022-48322

NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear mr60_firmware *
netgear ms60_firmware *
netgear r7000p_firmware *
netgear r7960p_firmware *
netgear r8000p_firmware *
netgear r6900p_firmware *
CVE-2023-0848 MEDIUM

A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221147.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wndr3700_firmware 1.0.1.14
CVE-2023-0849 MEDIUM

A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netgear wndr3700_firmware 1.0.1.14
CVE-2023-0850 LOW

A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221153 was assigned to this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-404,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear wndr3700_firmware 1.0.1.14
CVE-2023-1205

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-1327

Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-23110

An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier.

Products Affected

Vendor Product Version
netgear xavn2001v2_firmware *
netgear wnr1000v2_firmware *
netgear wnr2500_firmware *
netgear wnr612v2_firmware *
netgear d6100_firmware *
netgear wnr2200_firmware *
netgear r8900_firmware *
netgear dgn1000v3_firmware *
netgear r9000_firmware *
CVE-2023-2380 MEDIUM

A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227658 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-2381 LOW

A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=bandwidth_profile.htm of the component Web Management Interface. The manipulation of the argument BandWidthProfile.ProfileName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227659. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-2382 LOW

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument sysLogInfo.serverName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-2383 LOW

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-2384 LOW

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument dhcp.SecDnsIPByte2 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-2385 LOW

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=ike_policies.htm of the component Web Management Interface. The manipulation of the argument IpsecIKEPolicy.IKEPolicyName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-2386 LOW

A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.toAddr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-2387 LOW

A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-2388 LOW

A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-2389 LOW

A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-2390 LOW

A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server1 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-2391 LOW

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-2392 LOW

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. Affected is an unknown function of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ManualDate.minutes leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-2393 LOW

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument ConfigPort.LogicalIfName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-2394 LOW

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument wanName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-2395 MEDIUM

A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-2396 MEDIUM

A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument USERDBUsers.Password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netgear srx5308_firmware 4.3.5-3
CVE-2023-24498

An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
netgear prosafe_fs726tp_firmware -
CVE-2023-27356

NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the logCtrl action. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19825.

Products Affected

Vendor Product Version
netgear raxe300_firmware *
netgear rax30_firmware *
CVE-2023-27357

NETGEAR RAX30 GetInfo Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information, leading to further compromise. Was ZDI-CAN-19608.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-27358

NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of specific SOAP requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-19754.

Products Affected

Vendor Product Version
netgear raxe300_firmware *
netgear rax38_firmware *
netgear rax35_firmware *
netgear rax40_firmware *
netgear rax30_firmware *
CVE-2023-27360

NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the lighttpd HTTP server. The issue results from allowing execution of files from untrusted sources. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19398.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-27361

NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of JSON data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19355.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-27367

NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the libcms_cli module. The issue results from the lack of proper validation of a user-supplied command before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19838.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-27368

NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing SOAP message headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19839.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-27369

NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing the request headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19840.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-27370

NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of device configuration. The issue results from the storage of configuration secrets in plaintext. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-19841.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-27850

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-27851

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-27852

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-27853

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-28337

When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-28338

Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting in the device becoming unusable until it is rebooted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-30280

Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the getInputData parameter of the fwSchedule.cgi page.

Products Affected

Vendor Product Version
netgear r6900_firmware 1.0.2.26
netgear r6700_firmware 1.0.4.128
netgear r6700_firmware 1.0.0.26
CVE-2023-33532

There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.

Products Affected

Vendor Product Version
netgear r6250_firmware 1.0.4.48
CVE-2023-33533

Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges.

Products Affected

Vendor Product Version
netgear r6900_firmware 1.0.2.26
netgear d6220_firmware 1.0.0.80
netgear d8500_firmware 1.0.3.60
netgear r6700_firmware 1.0.2.26
CVE-2023-34283

NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability. This vulnerability allows physically present attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of symbolic links on removable USB media. By creating a symbolic link, an attacker can abuse the router's web server to access arbitrary local files. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-19498.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-34284

NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the system configuration. The system contains a hardcoded user account which can be used to access the CLI service as a low-privileged user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19660.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-34285

NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within a shared library used by the telnetd service, which listens on TCP port 23 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19918.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-34563

netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication.

Products Affected

Vendor Product Version
netgear r6250_firmware 1.0.4.48
CVE-2023-35721

NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the update functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19981.

Products Affected

Vendor Product Version
netgear rax50_firmware *
CVE-2023-35722

NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of UPnP port mapping requests. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20429.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-36187

Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear lax20_firmware *
netgear cbr40_firmware *
netgear rax80_firmware *
netgear r7000_firmware *
netgear rbw30_firmware *
netgear r7000p_firmware *
netgear r6400v2_firmware *
netgear rax200_firmware *
netgear r6700v3_firmware *
netgear rax75_firmware *
netgear mr60_firmware *
netgear ms60_firmware *
netgear r6400_firmware *
netgear rs400_firmware *
netgear mk62_firmware *
CVE-2023-36499

Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi.

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
CVE-2023-38095

NETGEAR ProSAFE Network Management System MFileUploadController Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19717.

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2023-38096

NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-19718.

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2023-38097

NETGEAR ProSAFE Network Management System BkreProcessThread Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the BkreProcessThread class. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19719.

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2023-38098

NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19720.

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2023-38099

NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getNodesByTopologyMapSearch function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19723.

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2023-38100

NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the clearAlertByIds function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-19724.

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2023-38101

NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SettingConfigController class. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19725.

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2023-38102

NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the createUser function. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-19726.

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2023-38412

Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi.

Products Affected

Vendor Product Version
netgear r6900p_firmware 1.3.3.154
CVE-2023-38591

Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi.

Products Affected

Vendor Product Version
netgear dg834gv5_firmware 1.6.01.34
CVE-2023-38921

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters.

Products Affected

Vendor Product Version
netgear wag302v2_firmware 5.1.19
netgear wg302v2_firmware 5.2.9
CVE-2023-38922

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function.

Products Affected

Vendor Product Version
netgear xwn5001_firmware 0.4.1.1
netgear jwnr2000v2_firmware 1.0.0.11
netgear xavn2001v2_firmware 0.4.0.7
CVE-2023-38924

Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi.

Products Affected

Vendor Product Version
netgear dgn3500_firmware 1.1.00.37
CVE-2023-38925

Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi.

Products Affected

Vendor Product Version
netgear ex6200_firmware 1.0.3.94
netgear r6300v2_firmware 1.0.4.8
netgear dc112a_firmware 1.0.0.64
CVE-2023-38926

Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set.

Products Affected

Vendor Product Version
netgear ex6200_firmware 1.0.3.94
CVE-2023-38928

Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi.

Products Affected

Vendor Product Version
netgear r7100lg_firmware 1.0.0.78
CVE-2023-39550

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function.

Products Affected

Vendor Product Version
netgear xwn5001_firmware 0.4.1.1
netgear jwnr2000v2_firmware 1.0.0.11
netgear xavn2001v2_firmware 0.4.0.7
CVE-2023-40478

NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telnet CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20009.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-40479

NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19704.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-40480

NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DHCP server. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19705.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-41182

NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ZipUtils class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19716.

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2023-41183

NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SOAP API. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20524.

Products Affected

Vendor Product Version
netgear rbr760_firmware *
CVE-2023-44445

NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sso binary. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19058.

Products Affected

Vendor Product Version
netgear cax30_firmware *
CVE-2023-44449

NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the clearAlertByIds function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-21875.

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2023-44450

NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getNodesByTopologyMapSearch function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21858.

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2023-48725

A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
netgear rax30_firmware 1.0.11.96
netgear rax30_firmware 1.0.7.78
CVE-2023-49007

In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear rbr750_firmware *
CVE-2023-49693

NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
vulnreport@tenable.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2023-49694

A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
vulnreport@tenable.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2023-50089

A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear wnr2000_firmware 1.0.0.70
CVE-2023-50231

NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the saveNodeLabel method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-21838.

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2023-50677

An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component.

Products Affected

Vendor Product Version
netgear dgnd4000_firmware 1.1.00.15
CVE-2023-51634

NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19589.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2023-51635

NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843.

Products Affected

Vendor Product Version
netgear rax30_firmware *
CVE-2024-12847

NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
disclosure@vulncheck.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear dgn1000_firmware *
CVE-2024-12988 HIGH

A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,CWE-787,

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.3.154
netgear r6900p_firmware 1.3.3.154
CVE-2024-1430 LOW

A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r7000_firmware 1.0.11.136_10.2.120
CVE-2024-1431 LOW

A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netgear r7000_firmware 1.0.11.136_10.2.120
CVE-2024-28339

An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.

Products Affected

Vendor Product Version
netgear cbk40_firmware 2.5.0.28
netgear cbr40_firmware 2.5.0.28
netgear cbk43_firmware 2.5.0.28
CVE-2024-28340

An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.

Products Affected

Vendor Product Version
netgear cbk40_firmware 2.5.0.28
netgear cbr40_firmware 2.5.0.28
netgear cbk43_firmware 2.5.0.28
CVE-2024-36787

An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.

Products Affected

Vendor Product Version
netgear wnr614_firmware 1.1.0.54_1.0.1
CVE-2024-36788

Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices.

Products Affected

Vendor Product Version
netgear wnr614_firmware 1.1.0.54_1.0.1
CVE-2024-36789

An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards.

Products Affected

Vendor Product Version
netgear wnr614_firmware 1.1.0.54_1.0.1
CVE-2024-36790

Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext.

Products Affected

Vendor Product Version
netgear wnr614_firmware 1.1.0.54_1.0.1
CVE-2024-36792

An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin.

Products Affected

Vendor Product Version
netgear wnr614_firmware 1.1.0.54_1.0.1
CVE-2024-36795

Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors.

Products Affected

Vendor Product Version
netgear wnr614_firmware 1.1.0.54_1.0.1
CVE-2024-4235 LOW

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-312,

Products Affected

Vendor Product Version
netgear dg834gv5_firmware 1.6.01.34
CVE-2024-42756

An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page

Products Affected

Vendor Product Version
netgear dgn1000ww_firmware 1.1.00.45
CVE-2024-50993

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.160
CVE-2024-50994

Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component ipv6_fix.cgi via the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.160
CVE-2024-50995

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.160
CVE-2024-50996

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
netgear r8500_firmware 1.0.2.160
netgear r7000p_firmware 1.3.3.154
netgear r6400v2_firmware 1.0.4.128
CVE-2024-50997

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
netgear r8500_firmware 1.0.2.160
netgear r7000p_firmware 1.3.3.154
netgear r6400v2_firmware 1.0.4.128
CVE-2024-50998

Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpn_service_port and openvpn_service_port_tun parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.160
CVE-2024-50999

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at password.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.160
CVE-2024-51000

Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component wireless.cgi via the opmode, opmode_an, and opmode_an_2 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.160
CVE-2024-51001

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the sysDNSHost parameter at ddns.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.160
CVE-2024-51002

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
netgear r8500_firmware 1.0.2.160
netgear r7000p_firmware 1.3.3.154
netgear r6400v2_firmware 1.0.4.128
CVE-2024-51003

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
netgear r8500_firmware 1.0.2.160
netgear r7000p_firmware 1.3.3.154
netgear r6400v2_firmware 1.0.4.128
CVE-2024-51004

Netgear R8500 v1.0.2.160 and R7000P v1.3.3.154 were discovered to multiple stack overflow vulnerabilities in the component usb_device.cgi via the cifs_user, read_access, and write_access parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.160
netgear r7000p_firmware 1.3.3.154
CVE-2024-51005

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.160
CVE-2024-51006

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_static_ip parameter in the ipv6_tunnel function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.160
CVE-2024-51007

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
CVE-2024-51008

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
CVE-2024-51009

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.160
CVE-2024-51010

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
netgear r8500_firmware 1.0.2.160
netgear r7000p_firmware 1.3.3.154
netgear r6400v2_firmware 1.0.4.128
CVE-2024-51011

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
netgear r7000p_firmware 1.3.3.154
netgear r6400v2_firmware 1.0.4.128
CVE-2024-51012

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.160
CVE-2024-51013

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the RADIUSAddr%d_wla parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.3.154
CVE-2024-51014

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid_an parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
CVE-2024-51015

Netgear R7000P v1.3.3.154 was discovered to contain a command injection vulnerability via the device_name2 parameter at operation_mode.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.3.154
CVE-2024-51016

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the addName%d parameter in usb_approve.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
CVE-2024-51017

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the l2tp_user_netmask parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.3.154
CVE-2024-51018

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.3.154
CVE-2024-51019

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pppoe_localnetmask parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.3.154
CVE-2024-51020

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the apn parameter at usbISP_detail_edit.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.3.154
CVE-2024-51021

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
netgear r7000p_firmware 1.3.3.154
netgear r6400v2_firmware 1.0.4.128
CVE-2024-51022

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
CVE-2024-52013

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
netgear r8500_firmware 1.0.2.160
netgear r7000p_firmware 1.3.3.154
netgear r6400v2_firmware 1.0.4.128
CVE-2024-52014

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
netgear r8500_firmware 1.0.2.160
netgear r7000p_firmware 1.3.3.154
netgear r6400v2_firmware 1.0.4.128
CVE-2024-52015

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
netgear r8500_firmware 1.0.2.160
netgear r7000p_firmware 1.3.3.154
netgear r6400v2_firmware 1.0.4.128
CVE-2024-52016

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
netgear r8500_firmware 1.0.2.160
netgear r7000p_firmware 1.3.3.154
netgear r6400v2_firmware 1.0.4.128
CVE-2024-52017

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
CVE-2024-52018

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
CVE-2024-52019

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.160
CVE-2024-52020

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.160
CVE-2024-52021

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
netgear r8500_firmware 1.0.2.160
CVE-2024-52022

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
netgear r8500_firmware 1.0.2.160
netgear r7000p_firmware 1.3.3.154
netgear r6400v2_firmware 1.0.4.128
CVE-2024-52023

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
netgear r7000p_firmware 1.3.3.154
netgear r6400v2_firmware 1.0.4.128
CVE-2024-52024

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
netgear r7000p_firmware 1.3.3.154
netgear r6400v2_firmware 1.0.4.128
CVE-2024-52025

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
netgear r7000p_firmware 1.3.3.154
netgear r6400v2_firmware 1.0.4.128
CVE-2024-52026

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.78
netgear r7000p_firmware 1.3.3.154
netgear r6400v2_firmware 1.0.4.128
CVE-2024-52028

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.3.154
CVE-2024-52029

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.3.154
CVE-2024-52030

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at ru_wan_flow.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
netgear r7000p_firmware 1.3.3.154
CVE-2024-5245

NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of default MySQL credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22755.

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2024-5246

NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868.

Products Affected

Vendor Product Version
netgear prosafe_network_management_software_300 1.7.0.37
CVE-2024-5247

NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22923.

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2024-54802

In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/upnp) is vulnerable to stack-based buffer overflow in the M-SEARCH Host header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear wnr854t_firmware 1.5.2
CVE-2024-54803

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoe_peer_mac and forcing a reboot. This will result in command injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear wnr854t_firmware 1.5.2
CVE-2024-5505

NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22724.

Products Affected

Vendor Product Version
netgear prosafe_network_management_system *
CVE-2024-57046

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
netgear dgn2200_firmware *
CVE-2024-57229

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear rax50_firmware 1.0.2.26
CVE-2024-57230

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear rax50_firmware 1.0.2.26
CVE-2024-57231

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
netgear rax50_firmware 1.0.2.26
CVE-2024-57232

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear rax50_firmware 1.0.2.26
CVE-2024-57233

NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
netgear rax50_firmware 1.0.2.26
CVE-2024-57234

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
netgear rax50_firmware 1.0.2.26
CVE-2024-57235

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear rax50_firmware 1.0.2.26
CVE-2025-12940

Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). An user having access to the syslog server can read the logs containing these credentials.  This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4. Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest. Fixed in: WAX610 firmware 11.8.0.10 or later. WAX610Y firmware 11.8.0.10 or later.

Products Affected

Vendor Product Version
netgear wax610y_firmware *
netgear wax610_firmware *
CVE-2025-12941

Denial of Service Vulnerability in NETGEAR C6220 and C6230 (DOCSIS® 3.0 Two-in-one Cable Modem + WiFi Router) allows authenticated local WiFi users reboot the router.

Products Affected

Vendor Product Version
netgear c6220_firmware -
netgear c6230_firmware -
CVE-2025-12942

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.

Products Affected

Vendor Product Version
netgear r6260_firmware *
netgear r6850_firmware *
CVE-2025-12943

Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the device. Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update to the latest. Fixed in: RAX30 firmware 1.0.14.108 or later. RAXE300 firmware 1.0.9.82 or later

Products Affected

Vendor Product Version
netgear raxe300_firmware *
netgear rax30_firmware *
CVE-2025-12944

Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on the device. Please check the firmware version and update to the latest. Fixed in:  DGN2200v4 firmware 1.0.0.132 or later

Products Affected

Vendor Product Version
netgear dgn2200_firmware *
CVE-2025-12945

A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through 1.3.3.154.

Products Affected

Vendor Product Version
netgear r7000p_firmware *
CVE-2025-12946

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.

Products Affected

Vendor Product Version
netgear rax50v2_firmware *
netgear rax42_firmware *
netgear raxe450_firmware *
netgear raxe500_firmware *
netgear rax41v2_firmware *
netgear rax35v2_firmware *
netgear rax43_firmware *
netgear rax45v2_firmware *
netgear rax42v2_firmware *
netgear rs700_firmware *
netgear rax49s_firmware *
netgear rax50_firmware *
netgear mr90_firmware *
netgear rax41_firmware *
netgear rax43v2_firmware *
netgear rax54sv2_firmware *
netgear ms90_firmware *
netgear rax45_firmware *
CVE-2025-28219

Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear dc112a_firmware 1.0.0.64
CVE-2025-4114 HIGH

A vulnerability classified as critical has been found in Netgear JWNR2000v2 1.0.0.11. Affected is the function check_language_file. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear jwnr2000_firmware 1.0.0.11
CVE-2025-4115 HIGH

A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Affected by this vulnerability is the function default_version_is_new. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear jwnr2000_firmware 1.0.0.11
CVE-2025-4116 HIGH

A vulnerability, which was classified as critical, has been found in Netgear JWNR2000v2 1.0.0.11. Affected by this issue is the function get_cur_lang_ver. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear jwnr2000_firmware 1.0.0.11
CVE-2025-4117 MEDIUM

A vulnerability, which was classified as critical, was found in Netgear JWNR2000v2 1.0.0.11. This affects the function sub_41A914. The manipulation of the argument host leads to buffer overflow. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cna@vuldb.com 5.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.1 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear jwnr2000_firmware 1.0.0.11
CVE-2025-4120 HIGH

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been classified as critical. Affected is the function sub_4238E8. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear jwnr2000v2_firmware 1.0.0.11
CVE-2025-4121 MEDIUM

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been declared as critical. Affected by this vulnerability is the function cmd_wireless. The manipulation of the argument host leads to command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-77,CWE-77,

Products Affected

Vendor Product Version
netgear jwnr2000v2_firmware 1.0.0.11
CVE-2025-4122 MEDIUM

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-77,CWE-77,

Products Affected

Vendor Product Version
netgear jwnr2000v2_firmware 1.0.0.11
CVE-2025-4135 MEDIUM

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-77,

Products Affected

Vendor Product Version
netgear wg302v2_firmware *
CVE-2025-4139 HIGH

A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Affected by this vulnerability is the function fwAcosCgiInbound. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,

Products Affected

Vendor Product Version
netgear ex6120_firmware 1.0.0.68
CVE-2025-4140 HIGH

A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Affected by this issue is the function sub_30394. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear ex6120_firmware 1.0.3.94
CVE-2025-4141 HIGH

A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. This affects the function sub_3C03C. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear ex6200_firmware 1.0.3.94
CVE-2025-4142 HIGH

A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub_3C8EC. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear ex6200_firmware 1.0.3.94
CVE-2025-4145 HIGH

A vulnerability, which was classified as critical, has been found in Netgear EX6200 1.0.3.94. This issue affects the function sub_3D0BC. The manipulation of the argument host leads to buffer overflow. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear ex6200_firmware 1.0.3.94
CVE-2025-4146 HIGH

A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Affected is the function sub_41940. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear ex6200_firmware 1.0.3.94
CVE-2025-4147 HIGH

A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this vulnerability is the function sub_47F7C. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear ex6200_firmware 1.0.3.94
CVE-2025-4148 HIGH

A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this issue is the function sub_503FC. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear ex6200_firmware 1.0.3.94
CVE-2025-4149 HIGH

A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affects the function sub_54014. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear ex6200_firmware 1.0.3.94
CVE-2025-4150 HIGH

A vulnerability was found in Netgear EX6200 1.0.3.94. It has been declared as critical. This vulnerability affects the function sub_54340. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
netgear ex6200_firmware 1.0.3.94
CVE-2025-44650

In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
netgear r7000_firmware 1.3.1.64_10.1.36
netgear eax80_firmware 1.0.1.70_1.0.2
CVE-2025-44652

In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is set to 0 in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users are connected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
netgear rax30_firmware 1.0.10.94_3
CVE-2025-44658

In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear rax30_firmware 1.0.10.94
CVE-2025-45492

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
netgear ex8000_firmware 1.0.0.126
CVE-2025-45493

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
netgear ex8000_firmware 1.0.0.126
CVE-2025-4977 MEDIUM

A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-284,

Products Affected

Vendor Product Version
netgear dgnd3700_firmware 1.1.00.15_1.00.15na
CVE-2025-4978 HIGH

A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear dgnd3700_firmware 1.1.00.15_1.00.15na
CVE-2025-4980 MEDIUM

A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-284,

Products Affected

Vendor Product Version
netgear dgnd3700_firmware 1.1.00.15_1.00.15na
CVE-2025-50526

Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netgear ex8000_firmware 1.0.0.126
CVE-2025-52080

In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the share_name parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.38
netgear xr300_firmware v1.0.3.38_10.3.30
CVE-2025-52081

In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the usb_folder parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.38
netgear xr300_firmware v1.0.3.38_10.3.30
CVE-2025-52082

In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the read_access parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
netgear xr300_firmware 1.0.3.38
netgear xr300_firmware v1.0.3.38_10.3.30
CVE-2025-5495 HIGH

A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the input %00currentsetting.htm leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue appears to have been circulating as an 0day since 2024.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cna@vuldb.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netgear wnr614_firmware 1.1.0.28_1.0.1ww
netgear wnr614_firmware 1.1.0.28
CVE-2025-5934 HIGH

A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0.98 is able to address this issue. It is recommended to upgrade the affected component. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-121,CWE-787,

Products Affected

Vendor Product Version
netgear ex3700_firmware *
CVE-2025-6510 HIGH

A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has been rated as critical. Affected by this issue is the function sub_415EF8. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-121,

Products Affected

Vendor Product Version
netgear ex6100_firmware 1.0.2.28_1.1.138
CVE-2025-6511 HIGH

A vulnerability classified as critical has been found in Netgear EX6150 1.0.0.46_1.0.76. This affects the function sub_410090. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-121,

Products Affected

Vendor Product Version
netgear ex6150_firmware 1.0.0.46_1.0.76
CVE-2025-7407 MEDIUM

A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early and confirmed the existence of the vulnerability. They reacted very quickly, professional and kind. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,CWE-78,

Products Affected

Vendor Product Version
netgear d6400_firmware 1.0.0.114
CVE-2026-0403

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.

Products Affected

Vendor Product Version
netgear rbse960_firmware *
netgear rbre960_firmware *
netgear rbr860_firmware *
netgear rbe970_firmware *
netgear rbr850_firmware *
netgear rbs850_firmware *
netgear rbe971_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbs860_firmware *
CVE-2026-0404

An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.

Products Affected

Vendor Product Version
netgear rbse950_firmware *
netgear rbre960_firmware *
netgear rbr860_firmware *
netgear rbre950_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbs750_firmware *
netgear rbse960_firmware *
netgear rbs840_firmware *
netgear rbs850_firmware *
netgear rbs860_firmware *
CVE-2026-0405

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

Products Affected

Vendor Product Version
netgear rbe370_firmware *
netgear rbre960_firmware *
netgear nbr750_firmware *
netgear rbe373_firmware *
netgear rbe970_firmware *
netgear rbr850_firmware *
netgear rbr840_firmware *
netgear rbr750_firmware *
netgear rbe371_firmware *
netgear rbe374_firmware *
netgear rbe772_firmware *
netgear rbse960_firmware *
netgear rbs840_firmware *
netgear rbe770_firmware *
netgear rbe771_firmware *
netgear rbe773_firmware *
netgear cbr750_firmware *
netgear rbse950_firmware *
netgear rbr860_firmware *
netgear rbre950_firmware *
netgear rbe372_firmware *
netgear rbe971_firmware *
netgear rbs750_firmware *
netgear rbs850_firmware *
netgear rbs860_firmware *
CVE-2026-0406

An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.

Products Affected

Vendor Product Version
netgear xr1000v2_firmware *
CVE-2026-0407

An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel.

Products Affected

Vendor Product Version
netgear ex2800_firmware *
netgear ex3110_firmware *
netgear ex6110_firmware *
netgear ex5000_firmware *
CVE-2026-0408

A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI.

Products Affected

Vendor Product Version
netgear ex2800_firmware *
netgear ex3110_firmware *
netgear ex6110_firmware *
netgear ex5000_firmware *