Vulnerabilities > Netgear > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-06-18 | CVE-2020-14434 | Injection vulnerability in Netgear products | Certain NETGEAR devices are affected by command injection by an authenticated user. | | low | netgear | CWE-74 | 7.7 |
| 2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products | The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | | | | | 7.5 |
| 2020-05-18 | CVE-2020-11549 | Use of Hard-coded Credentials vulnerability in Netgear Rbs50Y Firmware, Srr60 Firmware and Srs60 Firmware | An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. | | low | netgear | CWE-798 | 8.3 |
| 2020-04-29 | CVE-2017-18855 | Injection vulnerability in Netgear Wnr854T Firmware | NETGEAR WNR854T devices before 1.5.2 are affected by command execution. | | low | netgear | CWE-74 | 8.3 |
| 2020-04-28 | CVE-2017-18857 | Weak Password Requirements vulnerability in Netgear Insight | The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement. | network | low | netgear | CWE-521 | 7.5 |
| 2020-04-28 | CVE-2017-18861 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Readynas Surveillance 1.1.45/1.4.315 | Certain NETGEAR devices are affected by CSRF. | | | | | 7.9 |
| 2020-04-27 | CVE-2018-21153 | Classic Buffer Overflow vulnerability in Netgear products | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. | network | low | netgear | CWE-120 | 7.5 |
| 2020-04-27 | CVE-2018-21097 | Out-of-bounds Write vulnerability in Netgear products | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | network | low | netgear | CWE-787 | 7.5 |
| 2020-04-27 | CVE-2018-21094 | Unspecified vulnerability in Netgear products | Certain NETGEAR devices are affected by incorrect configuration of security settings. | network | low | netgear | | 7.5 |
| 2020-04-23 | CVE-2018-21162 | OS Command Injection vulnerability in Netgear products | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | network | low | netgear | CWE-78 | 7.5 |