Vulnerabilities > Netgear > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-04-23 CVE-2018-21133 Out-of-bounds Write vulnerability in Netgear Wac505 Firmware and Wac510 Firmware
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.
network
low complexity
netgear CWE-787
critical
 9.8
9.8
2020-04-23 CVE-2018-21132 Missing Authentication for Critical Function vulnerability in Netgear Wac505 Firmware and Wac510 Firmware
Certain NETGEAR devices are affected by authentication bypass.
network
low complexity
netgear CWE-306
critical
 9.8
9.8
2020-04-23 CVE-2018-21131 Unspecified vulnerability in Netgear Wac505 Firmware and Wac510 Firmware
Certain NETGEAR devices are affected by unauthenticated firmware downgrade.
network
low complexity
netgear
critical
 9.1
9.1
2020-04-16 CVE-2019-20730 SQL Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by SQL injection.
network
low complexity
netgear CWE-89
critical
 9.8
9.8
2020-04-16 CVE-2019-20699 Classic Buffer Overflow vulnerability in Netgear products
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.
network
low complexity
netgear CWE-120
critical
 9.8
9.8
2020-04-15 CVE-2019-20679 Unspecified vulnerability in Netgear Mr1100 Firmware 12.05.05.00/12.06.03
NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of access control at the function level.
network
low complexity
netgear
critical
 9.8
9.8
2020-04-15 CVE-2020-11790 Unspecified vulnerability in Netgear R7800 Firmware
NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers.
network
low complexity
netgear
critical
 9.8
9.8
2020-04-15 CVE-2020-11789 Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.
network
low complexity
netgear CWE-77
critical
 9.8
9.8
2020-04-15 CVE-2019-20646 Information Exposure vulnerability in Netgear Rax40 Firmware 1.0.3.62
NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials.
network
low complexity
netgear CWE-200
critical
 9.8
9.8
2020-04-01 CVE-2018-11106 Command Injection vulnerability in Netgear products
NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.
network
low complexity
netgear CWE-77
critical
 9.8
9.8