Vulnerabilities > Netgear > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-10 | CVE-2020-35227 | Classic Buffer Overflow vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command. | 7.2 |
| 2021-03-10 | CVE-2020-35226 | Missing Authentication for Critical Function vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command. | 7.1 |
| 2021-03-10 | CVE-2020-35223 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests. | 8.8 |
| 2021-03-10 | CVE-2020-35221 | Inadequate Encryption Strength vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original. | 8.8 |
| 2021-03-05 | CVE-2021-27256 | Unspecified vulnerability in Netgear products This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. low complexity netgear | 8.8 |
| 2021-03-05 | CVE-2021-27255 | Unspecified vulnerability in Netgear products This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. low complexity netgear | 8.8 |
| 2021-03-05 | CVE-2021-27254 | Use of Hard-coded Credentials vulnerability in Netgear products This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. | 8.8 |
| 2021-02-12 | CVE-2020-27866 | Unspecified vulnerability in Netgear products This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. low complexity netgear | 8.8 |
| 2021-02-12 | CVE-2020-27861 | Unspecified vulnerability in Netgear products This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. low complexity netgear | 8.8 |
| 2021-02-04 | CVE-2020-27872 | Exposure of Resource to Wrong Sphere vulnerability in Netgear products This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. | 8.8 |