Vulnerabilities > Netgear
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-23 | CVE-2021-29069 | Command Injection vulnerability in Netgear Wnr2000V5 Firmware, Xr450 Firmware and Xr500 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.4 |
| 2021-03-23 | CVE-2021-29068 | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 8.8 |
| 2021-03-23 | CVE-2021-29067 | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 9.6 |
| 2021-03-23 | CVE-2021-29066 | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 9.6 |
| 2021-03-23 | CVE-2021-29065 | Unspecified vulnerability in Netgear Rbr850 Firmware NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass. | 9.6 |
| 2021-03-10 | CVE-2020-35233 | Resource Exhaustion vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack. | 6.5 |
| 2021-03-10 | CVE-2020-35231 | Improper Authentication vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device. | 8.8 |
| 2021-03-10 | CVE-2020-35230 | Integer Overflow or Wraparound vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. | 6.8 |
| 2021-03-10 | CVE-2020-35229 | Session Fixation vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges. | 8.8 |
| 2021-03-10 | CVE-2020-35228 | Cross-site Scripting vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter. | 4.8 |