Vulnerabilities > Netgear > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2021-29080 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Netgear products
Certain NETGEAR devices are affected by password reset by an unauthenticated attacker.
low complexity
netgear CWE-640
8.1
8.1
2021-03-23 CVE-2021-29075 Out-of-bounds Write vulnerability in Netgear products
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.
low complexity
netgear CWE-787
8.4
8.4
2021-03-23 CVE-2021-29074 Out-of-bounds Write vulnerability in Netgear products
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.
low complexity
netgear CWE-787
8.4
8.4
2021-03-23 CVE-2021-29073 Out-of-bounds Write vulnerability in Netgear products
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.
low complexity
netgear CWE-787
8.4
8.4
2021-03-23 CVE-2021-29072 Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-77
8.4
8.4
2021-03-23 CVE-2021-29070 Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-77
8.4
8.4
2021-03-23 CVE-2021-29069 Command Injection vulnerability in Netgear Wnr2000V5 Firmware, Xr450 Firmware and Xr500 Firmware
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-77
8.4
8.4
2021-03-23 CVE-2021-29068 Classic Buffer Overflow vulnerability in Netgear products
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.
network
low complexity
netgear CWE-120
8.8
8.8
2021-03-10 CVE-2020-35231 Improper Authentication vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device.
low complexity
netgear CWE-287
8.8
8.8
2021-03-10 CVE-2020-35229 Session Fixation vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.
low complexity
netgear CWE-384
8.8
8.8