Vulnerabilities > Netgear
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-11 | CVE-2021-38519 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 7.2 |
| 2021-08-11 | CVE-2021-38520 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 7.2 |
| 2021-08-11 | CVE-2021-38521 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 7.2 |
| 2021-08-11 | CVE-2021-38522 | Out-of-bounds Write vulnerability in Netgear R6400 Firmware NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based buffer overflow by an authenticated user. | 7.2 |
| 2021-08-11 | CVE-2021-38523 | Out-of-bounds Write vulnerability in Netgear R6400 Firmware NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based buffer overflow by an authenticated user. | 7.2 |
| 2021-06-30 | CVE-2021-35973 | Incorrect Comparison vulnerability in Netgear Wac104 Firmware 1.0.4.13 NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. | 9.8 |
| 2021-05-21 | CVE-2021-33514 | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTP_USER_AGENT;' with an OS command in the User-Agent field. | 9.8 |
| 2021-04-26 | CVE-2021-31802 | Out-of-bounds Write vulnerability in Netgear R7000 Firmware NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. | 8.8 |
| 2021-04-14 | CVE-2021-27253 | Out-of-bounds Write vulnerability in Netgear products This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. | 8.8 |
| 2021-04-14 | CVE-2021-27252 | OS Command Injection vulnerability in Netgear products This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. | 8.8 |