Vulnerabilities > Netgear > R6900 Firmware > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-17 | CVE-2021-44261 | Missing Authentication for Critical Function vulnerability in Netgear products A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. | 5.3 |
2021-12-26 | CVE-2021-45550 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2021-08-11 | CVE-2021-38534 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2021-08-11 | CVE-2021-38535 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2021-08-11 | CVE-2021-38536 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2021-08-11 | CVE-2021-38537 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2021-02-12 | CVE-2020-27867 | Unspecified vulnerability in Netgear products This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. low complexity netgear | 6.8 |
2021-02-04 | CVE-2020-27873 | Incorrect Authorization vulnerability in Netgear products This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. | 6.5 |
2020-04-29 | CVE-2017-18853 | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by password recovery and file access. | 6.5 |
2020-04-28 | CVE-2018-21225 | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |