Filtered by vendor Netgear
Subscriptions
Filtered by product Rax75 Firmware
Subscriptions
Total
63 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-27645 | 1 Netgear | 46 Lax20, Lax20 Firmware, R6400 and 43 more | 2024-08-03 | 8.8 High |
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762. | ||||
CVE-2022-27646 | 1 Netgear | 48 Cbr40, Cbr40 Firmware, Lbr1020 and 45 more | 2024-08-03 | 8.8 High |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879. | ||||
CVE-2023-36187 | 1 Netgear | 30 Cbr40, Cbr40 Firmware, Lax20 and 27 more | 2024-08-02 | 9.8 Critical |
Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. |