Vulnerabilities > Netgear > Rax40 Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-03-29 CVE-2022-27642 Unspecified vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers.
low complexity
netgear
8.8
2023-03-29 CVE-2022-27647 Unspecified vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers.
low complexity
netgear
8.0
2023-03-29 CVE-2022-27645 Unspecified vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers.
low complexity
netgear
8.8
2022-12-30 CVE-2022-48196 Classic Buffer Overflow vulnerability in Netgear products
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.
network
low complexity
netgear CWE-120
critical
9.8
2021-12-26 CVE-2021-45493 Information Exposure vulnerability in Netgear Rax35 Firmware, Rax38 Firmware and Rax40 Firmware
Certain NETGEAR devices are affected by disclosure of administrative credentials.
network
low complexity
netgear CWE-200
7.5
2021-12-26 CVE-2021-45549 Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-77
6.8
2021-12-26 CVE-2021-45604 Out-of-bounds Write vulnerability in Netgear products
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.
low complexity
netgear CWE-787
4.5
2021-12-26 CVE-2021-45672 Cross-site Scripting vulnerability in Netgear products
Certain NETGEAR devices are affected by Stored XSS.
network
low complexity
netgear CWE-79
4.8
2021-12-09 CVE-2021-41449 Path Traversal vulnerability in Netgear Rax35 Firmware, Rax38 Firmware and Rax40 Firmware
A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.
local
low complexity
netgear CWE-22
7.1
2021-08-11 CVE-2021-38533 Cross-site Scripting vulnerability in Netgear Rax40 Firmware 1.0.3.62
NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS.
network
low complexity
netgear CWE-79
5.4