Vulnerabilities > Netgear > Rax43 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-29 | CVE-2022-27645 | Missing Authentication for Critical Function vulnerability in Netgear products This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. | 8.8 |
| 2021-12-30 | CVE-2021-20166 | Classic Buffer Overflow vulnerability in Netgear Rax43 Firmware 1.0.3.96 Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. | 5.8 |
| 2021-12-30 | CVE-2021-20167 | Command Injection vulnerability in Netgear Rax43 Firmware 1.0.3.96 Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. | 7.7 |
| 2021-12-30 | CVE-2021-20168 | Improper Authentication vulnerability in Netgear Rax43 Firmware 1.0.3.96 Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. | 7.2 |
| 2021-12-30 | CVE-2021-20169 | Cleartext Transmission of Sensitive Information vulnerability in Netgear Rax43 Firmware 1.0.3.96 Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. | 7.2 |
| 2021-12-30 | CVE-2021-20170 | Use of Hard-coded Credentials vulnerability in Netgear Rax43 Firmware 1.0.3.96 Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. | 6.5 |
| 2021-12-30 | CVE-2021-20171 | Cleartext Storage of Sensitive Information vulnerability in Netgear Rax43 Firmware 1.0.3.96 Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. | 2.1 |
| 2021-12-26 | CVE-2021-45549 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
| 2021-12-26 | CVE-2021-45604 | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 2.7 |
| 2021-12-26 | CVE-2021-45612 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 10.0 |