Vulnerabilities > Netgear > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-18 | CVE-2020-14434 | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 7.7 |
2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
2020-05-18 | CVE-2020-11549 | Use of Hard-coded Credentials vulnerability in Netgear Rbs50Y Firmware, Srr60 Firmware and Srs60 Firmware An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. | 8.3 |
2020-04-29 | CVE-2017-18855 | Injection vulnerability in Netgear Wnr854T Firmware NETGEAR WNR854T devices before 1.5.2 are affected by command execution. | 8.3 |
2020-04-28 | CVE-2017-18857 | Weak Password Requirements vulnerability in Netgear Insight The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement. | 7.5 |
2020-04-28 | CVE-2017-18861 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Readynas Surveillance 1.1.45/1.4.315 Certain NETGEAR devices are affected by CSRF. | 7.9 |
2020-04-27 | CVE-2018-21153 | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. | 7.5 |
2020-04-27 | CVE-2018-21097 | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 7.5 |
2020-04-27 | CVE-2018-21094 | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 7.5 |
2020-04-23 | CVE-2018-21162 | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 7.5 |