Filtered by vendor Netgear Subscriptions
Total 1208 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-28373 1 Netgear 26 R6250, R6250 Firmware, R6400 and 23 more 2024-11-21 8.8 High
upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44.
CVE-2020-28041 1 Netgear 2 Nighthawk R7000, Nighthawk R7000 Firmware 2024-11-21 6.5 Medium
The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data.
CVE-2020-27873 1 Netgear 38 Ac2100, Ac2100 Firmware, Ac2400 and 35 more 2024-11-21 6.5 Medium
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559.
CVE-2020-27872 1 Netgear 38 Ac2100, Ac2100 Firmware, Ac2400 and 35 more 2024-11-21 8.8 High
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365.
CVE-2020-27867 1 Netgear 38 Ac2100, Ac2100 Firmware, Ac2400 and 35 more 2024-11-21 6.8 Medium
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653.
CVE-2020-27866 1 Netgear 38 Ac2100, Ac2100 Firmware, Ac2400 and 35 more 2024-11-21 8.8 High
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355.
CVE-2020-27861 1 Netgear 71 Cbk40, Cbk40 Firmware, Cbk43 and 68 more 2024-11-21 8.8 High
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.
CVE-2020-26931 1 Netgear 6 Wc7500, Wc7500 Firmware, Wc7600 and 3 more 2024-11-21 5.9 Medium
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.
CVE-2020-26930 1 Netgear 2 Ex7700, Ex7700 Firmware 2024-11-21 3.3 Low
NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings.
CVE-2020-26929 1 Netgear 4 R6220, R6220 Firmware, R6230 and 1 more 2024-11-21 7.3 High
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100.
CVE-2020-26928 1 Netgear 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more 2024-11-21 9.6 Critical
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
CVE-2020-26927 1 Netgear 34 Ac2100, Ac2100 Firmware, Ac2400 and 31 more 2024-11-21 9.4 Critical
Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.66, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62.
CVE-2020-26926 1 Netgear 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more 2024-11-21 9.6 Critical
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
CVE-2020-26925 1 Netgear 2 Gs808e, Gs808e Firmware 2024-11-21 3.2 Low
NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service.
CVE-2020-26924 1 Netgear 4 Wac720, Wac720 Firmware, Wac730 and 1 more 2024-11-21 3.1 Low
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 before 3.9.1.13 and WAC730 before 3.9.1.13.
CVE-2020-26923 1 Netgear 8 Wc7500, Wc7500 Firmware, Wc7600 and 5 more 2024-11-21 4.3 Medium
Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.
CVE-2020-26922 1 Netgear 8 Wc7500, Wc7500 Firmware, Wc7600 and 5 more 2024-11-21 6.4 Medium
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.
CVE-2020-26921 1 Netgear 8 Gs110emx, Gs110emx Firmware, Gs810emx and 5 more 2024-11-21 8.3 High
Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3.
CVE-2020-26920 1 Netgear 6 Srk60, Srk60 Firmware, Srr60 and 3 more 2024-11-21 8.8 High
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.3.110, SRR60 before 2.5.3.110, and SRS60 before 2.5.3.110.
CVE-2020-26919 1 Netgear 2 Jgs516pe, Jgs516pe Firmware 2024-11-21 9.8 Critical
NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.