Vulnerabilities > Netgear > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2021-29070 Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-77
8.4
2021-03-23 CVE-2021-29069 Command Injection vulnerability in Netgear Wnr2000V5 Firmware, Xr450 Firmware and Xr500 Firmware
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-77
8.4
2021-03-23 CVE-2021-29068 Classic Buffer Overflow vulnerability in Netgear products
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.
network
low complexity
netgear CWE-120
8.8
2021-03-10 CVE-2020-35231 Improper Authentication vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device.
low complexity
netgear CWE-287
8.8
2021-03-10 CVE-2020-35229 Session Fixation vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.
low complexity
netgear CWE-384
8.8
2021-03-10 CVE-2020-35227 Classic Buffer Overflow vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command.
network
low complexity
netgear CWE-120
7.2
2021-03-10 CVE-2020-35226 Missing Authentication for Critical Function vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command.
low complexity
netgear CWE-306
7.1
2021-03-10 CVE-2020-35223 Cross-Site Request Forgery (CSRF) vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.
network
low complexity
netgear CWE-352
8.8
2021-03-10 CVE-2020-35221 Inadequate Encryption Strength vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original.
low complexity
netgear CWE-326
8.8
2021-03-05 CVE-2021-27256 Unspecified vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76.
low complexity
netgear
8.8