Vulnerabilities > Netgear > R6900 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-17 CVE-2021-44261 Missing Authentication for Critical Function vulnerability in Netgear products
A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication.
network
low complexity
netgear CWE-306
5.3
2021-12-26 CVE-2021-45550 Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-77
6.8
2021-08-11 CVE-2021-38534 Cross-site Scripting vulnerability in Netgear products
Certain NETGEAR devices are affected by stored XSS.
network
low complexity
netgear CWE-79
4.8
2021-08-11 CVE-2021-38535 Cross-site Scripting vulnerability in Netgear products
Certain NETGEAR devices are affected by stored XSS.
network
low complexity
netgear CWE-79
4.8
2021-08-11 CVE-2021-38536 Cross-site Scripting vulnerability in Netgear products
Certain NETGEAR devices are affected by stored XSS.
network
low complexity
netgear CWE-79
4.8
2021-08-11 CVE-2021-38537 Cross-site Scripting vulnerability in Netgear products
Certain NETGEAR devices are affected by stored XSS.
network
low complexity
netgear CWE-79
4.8
2021-02-12 CVE-2020-27867 Unspecified vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers.
low complexity
netgear
6.8
2021-02-04 CVE-2020-27873 Incorrect Authorization vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers.
low complexity
netgear CWE-863
6.5
2020-04-29 CVE-2017-18853 Information Exposure vulnerability in Netgear products
Certain NETGEAR devices are affected by password recovery and file access.
low complexity
netgear CWE-200
6.5
2020-04-28 CVE-2018-21225 OS Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-78
6.8