Vulnerabilities > Netgear > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-21 | CVE-2021-40847 | Cleartext Transmission of Sensitive Information vulnerability in Netgear products The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. | 9.3 |
| 2021-09-17 | CVE-2021-41383 | Command Injection vulnerability in Netgear R6020 Firmware 1.0.0.48 setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field. | 9.0 |
| 2021-08-11 | CVE-2021-38528 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 10.0 |
| 2021-08-11 | CVE-2021-38513 | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 10.0 |
| 2021-08-11 | CVE-2021-38516 | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by lack of access control at the function level. | 10.0 |
| 2021-06-30 | CVE-2021-35973 | Incorrect Comparison vulnerability in Netgear Wac104 Firmware 1.0.4.13 NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. | 10.0 |
| 2021-05-21 | CVE-2021-33514 | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTP_USER_AGENT;' with an OS command in the User-Agent field. | 10.0 |
| 2021-03-29 | CVE-2021-27274 | Unrestricted Upload of File with Dangerous Type vulnerability in Netgear Prosafe Network Management System 1.6.0.26 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. | 10.0 |
| 2021-03-29 | CVE-2021-27273 | OS Command Injection vulnerability in Netgear Prosafe Network Management System 1.6.0.26 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. | 9.0 |
| 2020-12-30 | CVE-2020-35800 | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 9.7 |