Vulnerabilities > Netgear > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-05 | CVE-2021-27256 | OS Command Injection vulnerability in Netgear products This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. | 8.3 |
| 2021-03-05 | CVE-2021-27255 | Missing Authentication for Critical Function vulnerability in Netgear products This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. | 8.3 |
| 2021-03-05 | CVE-2021-27254 | Use of Hard-coded Credentials vulnerability in Netgear products This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. | 8.3 |
| 2021-02-12 | CVE-2020-27867 | Command Injection vulnerability in Netgear products This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. | 7.7 |
| 2021-02-12 | CVE-2020-27866 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Netgear products This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. | 8.3 |
| 2021-02-12 | CVE-2020-27861 | OS Command Injection vulnerability in Netgear products This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. | 8.3 |
| 2020-12-30 | CVE-2020-35799 | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 7.5 |
| 2020-12-30 | CVE-2020-35798 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 7.2 |
| 2020-12-30 | CVE-2020-35797 | Command Injection vulnerability in Netgear Nms300 Firmware NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker. | 7.5 |
| 2020-12-30 | CVE-2020-35795 | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. | 7.5 |