Vulnerabilities > Netgear

DATE CVE VULNERABILITY TITLE RISK
2021-08-11 CVE-2021-38519 Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an authenticated user.
network
low complexity
netgear CWE-77
7.2
2021-08-11 CVE-2021-38520 Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an authenticated user.
network
low complexity
netgear CWE-77
7.2
2021-08-11 CVE-2021-38521 Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an authenticated user.
network
low complexity
netgear CWE-77
7.2
2021-08-11 CVE-2021-38522 Out-of-bounds Write vulnerability in Netgear R6400 Firmware
NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based buffer overflow by an authenticated user.
network
low complexity
netgear CWE-787
7.2
2021-08-11 CVE-2021-38523 Out-of-bounds Write vulnerability in Netgear R6400 Firmware
NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based buffer overflow by an authenticated user.
network
low complexity
netgear CWE-787
7.2
2021-06-30 CVE-2021-35973 Incorrect Comparison vulnerability in Netgear Wac104 Firmware 1.0.4.13
NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866.
network
low complexity
netgear CWE-697
critical
9.8
2021-05-21 CVE-2021-33514 OS Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTP_USER_AGENT;' with an OS command in the User-Agent field.
network
low complexity
netgear CWE-78
critical
9.8
2021-04-26 CVE-2021-31802 Out-of-bounds Write vulnerability in Netgear R7000 Firmware
NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication.
low complexity
netgear CWE-787
8.8
2021-04-14 CVE-2021-27253 Out-of-bounds Write vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800.
low complexity
netgear CWE-787
8.8
2021-04-14 CVE-2021-27252 Unspecified vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76.
low complexity
netgear
8.8