Vulnerabilities > Netgear > R6900 Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-17 | CVE-2021-44261 | Missing Authentication for Critical Function vulnerability in Netgear products A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. | 5.3 |
| 2021-12-26 | CVE-2021-45550 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
| 2021-08-11 | CVE-2021-38534 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
| 2021-08-11 | CVE-2021-38535 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
| 2021-08-11 | CVE-2021-38536 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
| 2021-08-11 | CVE-2021-38537 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
| 2021-02-12 | CVE-2020-27867 | Command Injection vulnerability in Netgear products This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. | 6.8 |
| 2021-02-04 | CVE-2020-27873 | Incorrect Authorization vulnerability in Netgear products This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. | 6.5 |
| 2020-04-29 | CVE-2017-18853 | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by password recovery and file access. | 6.5 |
| 2020-04-28 | CVE-2018-21225 | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |