Vulnerabilities > Netgear > R6700 Firmware > 1.0.4.120

DATE CVE VULNERABILITY TITLE RISK
2021-12-30 CVE-2021-20173 OS Command Injection vulnerability in Netgear R6700 Firmware 1.0.4.120
Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device.
network
low complexity
netgear CWE-78
6.5
6.5
2021-12-30 CVE-2021-20174 Cleartext Transmission of Sensitive Information vulnerability in Netgear R6700 Firmware 1.0.4.120
Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface.
network
low complexity
netgear CWE-319
5.0
5.0
2021-12-30 CVE-2021-20175 Cleartext Transmission of Sensitive Information vulnerability in Netgear R6700 Firmware 1.0.4.120
Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface.
network
low complexity
netgear CWE-319
5.0
5.0
2021-12-30 CVE-2021-23147 Improper Authentication vulnerability in Netgear R6700 Firmware 1.0.4.120
Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console.
local
low complexity
netgear CWE-287
7.2
7.2
2021-12-30 CVE-2021-45077 Cleartext Storage of Sensitive Information vulnerability in Netgear R6700 Firmware 1.0.4.120
Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext.
network
low complexity
netgear CWE-312
5.0
5.0
2021-12-30 CVE-2021-45732 Use of Hard-coded Credentials vulnerability in Netgear R6700 Firmware 1.0.4.120
Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential.
network
low complexity
netgear CWE-798
6.5
6.5