Vulnerabilities > Netgear > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-21 | CVE-2022-38458 | Cleartext Transmission of Sensitive Information vulnerability in Netgear Rbs750 Firmware 4.6.8.5 A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. | 5.9 |
| 2023-03-10 | CVE-2023-27850 | Unspecified vulnerability in Netgear Rax30 Firmware NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. low complexity netgear | 6.8 |
| 2023-01-26 | CVE-2022-47052 | Injection vulnerability in Netgear Ac1200 R6220 Firmware 1.1.0.1121.0.1/1.1.0.1141.0.1 The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. | 6.1 |
| 2022-12-20 | CVE-2022-46422 | Unspecified vulnerability in Netgear Wnr2000 Firmware An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | 4.8 |
| 2022-09-20 | CVE-2022-38956 | Improper Validation of Integrity Check Value vulnerability in Netgear Wpn824Ext Firmware 1.1.11.1.9 An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. | 5.3 |
| 2022-06-17 | CVE-2022-31876 | Unspecified vulnerability in Netgear Wnap320 Firmware 2.0.3 netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies. | 5.3 |
| 2022-03-17 | CVE-2021-44261 | Missing Authentication for Critical Function vulnerability in Netgear products A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. | 5.0 |
| 2022-03-17 | CVE-2021-44262 | Missing Authentication for Critical Function vulnerability in Netgear products A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. | 5.0 |
| 2022-03-04 | CVE-2021-46382 | Cross-site Scripting vulnerability in Netgear Wac120 AC Firmware Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking. | 4.3 |
| 2022-01-13 | CVE-2021-34977 | Improper Authentication vulnerability in Netgear R7000 Firmware 1.0.11.11610.2.100 This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7000 1.0.11.116_10.2.100 routers. | 5.8 |