Filtered by vendor Netgear Subscriptions
Total 1208 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-45503 1 Netgear 14 Cbr750, Cbr750 Firmware, Rbk752 and 11 more 2024-11-21 9.6 Critical
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
CVE-2021-45502 1 Netgear 14 Cbr750, Cbr750 Firmware, Rbk752 and 11 more 2024-11-21 9.6 Critical
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
CVE-2021-45501 1 Netgear 38 Ac2400, Ac2400 Firmware, Ac2600 and 35 more 2024-11-21 9.4 Critical
Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.1.0.84, R6800 before 1.1.0.84, R6850 before 1.1.0.84, R6900v2 before 1.1.0.84, R7200 before 1.1.0.84, R7350 before 1.1.0.84, R7400 before 1.1.0.84, and R7450 before 1.1.0.84.
CVE-2021-45500 1 Netgear 4 R7000p, R7000p Firmware, R8000 and 1 more 2024-11-21 9.6 Critical
Certain NETGEAR devices are affected by authentication bypass. This affects R7000P before 1.3.3.140 and R8000 before 1.0.4.68.
CVE-2021-45499 1 Netgear 14 R6900p, R6900p Firmware, R7000p and 11 more 2024-11-21 8.2 High
Certain NETGEAR devices are affected by authentication bypass. This affects R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.
CVE-2021-45498 1 Netgear 2 R6700v2, R6700v2 Firmware 2024-11-21 6.5 Medium
NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication bypass.
CVE-2021-45497 1 Netgear 2 D7000, D7000 Firmware 2024-11-21 9.4 Critical
NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass.
CVE-2021-45496 1 Netgear 2 D7000, D7000 Firmware 2024-11-21 9.1 Critical
NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass.
CVE-2021-45495 1 Netgear 2 D7000, D7000 Firmware 2024-11-21 6.5 Medium
NETGEAR D7000 devices before 1.0.1.68 are affected by authentication bypass.
CVE-2021-45494 1 Netgear 6 Rbk352, Rbk352 Firmware, Rbr350 and 3 more 2024-11-21 8.4 High
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.
CVE-2021-45493 1 Netgear 6 Rax35, Rax35 Firmware, Rax38 and 3 more 2024-11-21 7.6 High
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.
CVE-2021-45077 1 Netgear 2 R6700, R6700 Firmware 2024-11-21 7.5 High
Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.
CVE-2021-44262 1 Netgear 6 Mbr1517, Mbr1517 Firmware, Wac104 and 3 more 2024-11-21 7.5 High
A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device.
CVE-2021-44261 1 Netgear 10 R6220, R6220 Firmware, R6900 and 7 more 2024-11-21 5.3 Medium
A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device.
CVE-2021-41449 1 Netgear 6 Rax35, Rax35 Firmware, Rax38 and 3 more 2024-11-21 7.1 High
A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.
CVE-2021-41383 1 Netgear 2 R6020, R6020 Firmware 2024-11-21 7.2 High
setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field.
CVE-2021-41314 1 Netgear 40 Gc108p, Gc108p Firmware, Gc108pp and 37 more 2024-11-21 8.8 High
Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create (or overwrite) a file with specific content (e.g., the "2" string). This leads to admin session crafting and therefore gaining full web UI admin privileges by an unauthenticated attacker. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.
CVE-2021-40867 1 Netgear 40 Gc108p, Gc108p Firmware, Gc108pp and 37 more 2024-11-21 7.8 High
Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in (e.g., behind the same NAT device, or already in possession of a foothold on an admin's machine). This occurs because the multi-step HTTP authentication process is effectively tied only to the source IP address. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.
CVE-2021-40866 1 Netgear 40 Gc108p, Gc108p Firmware, Gc108pp and 37 more 2024-11-21 9.8 Critical
Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.
CVE-2021-40847 1 Netgear 22 R6400v2, R6400v2 Firmware, R6700 and 19 more 2024-11-21 8.1 High
The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled by default. This daemon connects to Circle and NETGEAR to obtain version information and updates to the circled daemon and its filtering database. However, database updates from NETGEAR are unsigned and downloaded via cleartext HTTP. As such, an attacker with the ability to perform a MitM attack on the device can respond to circled update requests with a crafted, compressed database file, the extraction of which gives the attacker the ability to overwrite executable files with attacker-controlled code. This affects R6400v2 1.0.4.106, R6700 1.0.2.16, R6700v3 1.0.4.106, R6900 1.0.2.16, R6900P 1.3.2.134, R7000 1.0.11.123, R7000P 1.3.2.134, R7850 1.0.5.68, R7900 1.0.4.38, R8000 1.0.4.68, and RS400 1.5.0.68.