Vulnerabilities > Netgear > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2021-08-11 | CVE-2021-38538 | Cross-site Scripting vulnerability in Netgear products | Certain NETGEAR devices are affected by stored XSS. | netgear | CWE-79 | network, low complexity, 6.1 |
| 2021-08-11 | CVE-2021-38524 | Out-of-bounds Write vulnerability in Netgear products | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | netgear | CWE-787 | network, low complexity, 4.9 |
| 2021-03-10 | CVE-2020-35233 | Resource Exhaustion vulnerability in Netgear GS116E Firmware and JGS516PE Firmware | The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack. | netgear | CWE-400 | low complexity, 6.5 |
| 2021-03-10 | CVE-2020-35230 | Integer Overflow or Wraparound vulnerability in Netgear GS116E Firmware and JGS516PE Firmware | Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. | netgear | CWE-190 | low complexity, 6.8 |
| 2021-03-10 | CVE-2020-35228 | Cross-site Scripting vulnerability in Netgear GS116E Firmware and JGS516PE Firmware | A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter. | netgear | CWE-79 | network, low complexity, 4.8 |
| 2021-03-10 | CVE-2020-35225 | Classic Buffer Overflow vulnerability in Netgear GS116E Firmware and JGS516PE Firmware | The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks. | netgear | CWE-120 | low complexity, 6.8 |
| 2021-03-10 | CVE-2020-35224 | Classic Buffer Overflow vulnerability in Netgear GS116E Firmware and JGS516PE Firmware | A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot. | netgear | CWE-120 | low complexity, 6.5 |
| 2021-03-05 | CVE-2021-27257 | Improper Certificate Validation vulnerability in Netgear products | This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. | netgear | CWE-295 | low complexity, 6.5 |
| 2021-02-12 | CVE-2020-27867 | Command Injection vulnerability in Netgear products | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. | netgear | CWE-77 | low complexity, 6.8 |
| 2021-02-04 | CVE-2020-27873 | Incorrect Authorization vulnerability in Netgear products | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. | netgear | CWE-863 | low complexity, 6.5 |