Vulnerabilities > Netgear

DATE | CVE | VULNERABILITY TITLE | RISK

2021-06-30 | CVE-2021-35973 | Improper Authentication vulnerability in Netgear Wac104 Firmware 1.0.4.13
NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866.
network | low complexity | netgear | CWE-287
Risk: critical 10.0

2021-05-21 | CVE-2021-33514 | OS Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTP_USER_AGENT;' with an OS command in the User-Agent field.
network | low complexity | netgear | CWE-78
Risk: critical 10.0

2021-04-26 | CVE-2021-31802 | Out-Of-Bounds Write vulnerability in Netgear R7000 Firmware
NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication.
low complexity | netgear | CWE-787
Risk: 8.3

2021-04-14 | CVE-2021-27253 | Out-Of-Bounds Write vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800.
low complexity | netgear | CWE-787
Risk: 8.3

2021-04-14 | CVE-2021-27252 | OS Command Injection vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76.
low complexity | netgear | CWE-78
Risk: 8.3

2021-04-14 | CVE-2021-27251 | Cleartext Transmission of Sensitive Information vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800.
low complexity | netgear | CWE-319
Risk: 8.3

2021-03-29 | CVE-2021-27276 | Path Traversal vulnerability in Netgear Prosafe Network Management System 1.6.0.26
This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26.
network | low complexity | netgear | CWE-22
Risk: 5.5

2021-03-29 | CVE-2021-27275 | Path Traversal vulnerability in Netgear Prosafe Network Management System 1.6.0.26
This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26.
network | low complexity | netgear | CWE-22
Risk: 6.5

2021-03-29 | CVE-2021-27274 | Unrestricted Upload of File With Dangerous Type vulnerability in Netgear Prosafe Network Management System 1.6.0.26
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26.
network | low complexity | netgear | CWE-434
Risk: critical 10.0

2021-03-29 | CVE-2021-27273 | OS Command Injection vulnerability in Netgear Prosafe Network Management System 1.6.0.26
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26.
network | low complexity | netgear | CWE-78
Risk: critical 9.0