Vulnerabilities > Netgear > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-30 CVE-2020-35791 Command Injection vulnerability in Netgear R7800 Firmware, R8900 Firmware and R9000 Firmware
Certain NETGEAR devices are affected by command injection by an authenticated user.
local
low complexity
netgear CWE-77
6.7
2020-12-30 CVE-2020-35790 Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-77
6.8
2020-12-30 CVE-2020-35788 Classic Buffer Overflow vulnerability in Netgear Wac104 Firmware
NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user.
low complexity
netgear CWE-120
6.8
2020-12-30 CVE-2020-35786 Classic Buffer Overflow vulnerability in Netgear R7800 Firmware
NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user.
low complexity
netgear CWE-120
4.5
2020-12-30 CVE-2020-35783 Unspecified vulnerability in Netgear products
Certain NETGEAR devices are affected by lack of access control at the function level.
low complexity
netgear
6.5
2020-12-30 CVE-2020-35781 Unspecified vulnerability in Netgear Nms300 Firmware
NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.
network
low complexity
netgear
6.5
2020-12-30 CVE-2020-35780 Unspecified vulnerability in Netgear Nms300 Firmware
NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.
network
low complexity
netgear
6.5
2020-11-24 CVE-2020-5641 Cross-Site Request Forgery (CSRF) vulnerability in Netgear Gs108Ev3 Firmware 2.06.10
Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors.
network
low complexity
netgear CWE-352
6.5
2020-11-02 CVE-2020-28041 Incorrect Default Permissions vulnerability in Netgear Nighthawk R7000 Firmware 1.0.9.6410.2.64
The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming.
network
low complexity
netgear CWE-276
6.5
2020-10-13 CVE-2020-17409 Unspecified vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66.
low complexity
netgear
6.5