Vulnerabilities > Netgear > D3600 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2020-04-16 CVE-2019-20702 Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-77
8.0
8.0
2020-04-16 CVE-2019-20701 Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-77
8.0
8.0
2020-04-16 CVE-2019-20691 Cross-Site Request Forgery (CSRF) vulnerability in Netgear products
Certain NETGEAR devices are affected by CSRF.
network
low complexity
netgear CWE-352
8.8
8.8
2020-04-16 CVE-2019-20685 Out-of-bounds Write vulnerability in Netgear products
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.
low complexity
netgear CWE-787
8.8
8.8
2020-04-16 CVE-2019-20684 Out-of-bounds Write vulnerability in Netgear products
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.
low complexity
netgear CWE-787
8.8
8.8
2020-04-16 CVE-2019-20683 Out-of-bounds Write vulnerability in Netgear products
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.
low complexity
netgear CWE-787
8.8
8.8
2020-04-16 CVE-2019-20682 Out-of-bounds Write vulnerability in Netgear products
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.
low complexity
netgear CWE-787
8.8
8.8
2020-04-15 CVE-2019-20640 Out-of-bounds Write vulnerability in Netgear products
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.
low complexity
netgear CWE-787
8.8
8.8
2020-04-15 CVE-2019-20767 Out-of-bounds Write vulnerability in Netgear products
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.
network
low complexity
netgear CWE-787
7.2
7.2
2016-06-20 CVE-2015-8289 Information Exposure vulnerability in Netgear D3600 Firmware and D6000 Firmware
The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.
network
low complexity
netgear CWE-200
7.5
7.5