Vulnerabilities > Netgear > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-11 | CVE-2021-38533 | Cross-site Scripting vulnerability in Netgear Rax40 Firmware 1.0.3.62 NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. | 5.4 |
| 2021-08-11 | CVE-2021-38534 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
| 2021-08-11 | CVE-2021-38535 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
| 2021-08-11 | CVE-2021-38536 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
| 2021-08-11 | CVE-2021-38537 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
| 2021-08-11 | CVE-2021-38538 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 6.1 |
| 2021-08-11 | CVE-2021-38524 | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 4.9 |
| 2021-03-10 | CVE-2020-35233 | Resource Exhaustion vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack. | 6.5 |
| 2021-03-10 | CVE-2020-35230 | Integer Overflow or Wraparound vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. | 6.8 |
| 2021-03-10 | CVE-2020-35228 | Cross-site Scripting vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter. | 4.8 |