Vulnerabilities > Netgear > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-30 | CVE-2020-35791 | Command Injection vulnerability in Netgear R7800 Firmware, R8900 Firmware and R9000 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.7 |
| 2020-12-30 | CVE-2020-35790 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
| 2020-12-30 | CVE-2020-35788 | Classic Buffer Overflow vulnerability in Netgear Wac104 Firmware 1.0.4.13 NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user. | 6.8 |
| 2020-12-30 | CVE-2020-35786 | Classic Buffer Overflow vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user. | 4.5 |
| 2020-12-30 | CVE-2020-35783 | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by lack of access control at the function level. low complexity netgear | 6.5 |
| 2020-12-30 | CVE-2020-35781 | Unspecified vulnerability in Netgear Nms300 Firmware NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | 6.5 |
| 2020-12-30 | CVE-2020-35780 | Unspecified vulnerability in Netgear Nms300 Firmware NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | 6.5 |
| 2020-11-24 | CVE-2020-5641 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Gs108Ev3 Firmware 2.06.10 Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors. | 6.5 |
| 2020-11-02 | CVE-2020-28041 | Incorrect Default Permissions vulnerability in Netgear Nighthawk R7000 Firmware 1.0.9.6410.2.64 The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. | 6.5 |
| 2020-10-13 | CVE-2020-17409 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Netgear products This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. | 6.5 |