Vulnerabilities > Netgear > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-10 | CVE-2023-27850 | Unspecified vulnerability in Netgear Rax30 Firmware NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. low complexity netgear | 6.8 |
| 2023-01-26 | CVE-2022-47052 | Injection vulnerability in Netgear Ac1200 R6220 Firmware 1.1.0.1121.0.1/1.1.0.1141.0.1 The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. | 6.1 |
| 2022-12-20 | CVE-2022-46422 | Unspecified vulnerability in Netgear Wnr2000 Firmware An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | 4.8 |
| 2022-09-20 | CVE-2022-38956 | Improper Validation of Integrity Check Value vulnerability in Netgear Wpn824Ext Firmware 1.1.11.1.9 An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. | 5.3 |
| 2022-06-17 | CVE-2022-31876 | Unspecified vulnerability in Netgear Wnap320 Firmware 2.0.3 netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies. | 5.3 |
| 2022-03-17 | CVE-2021-44261 | Missing Authentication for Critical Function vulnerability in Netgear products A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. | 5.3 |
| 2022-03-04 | CVE-2021-46382 | Cross-site Scripting vulnerability in Netgear Wac120 AC Firmware Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking. | 6.1 |
| 2022-01-25 | CVE-2021-34870 | Unspecified vulnerability in Netgear Xr1000 1.0.0.521.0.38 This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. low complexity netgear | 6.5 |
| 2021-12-30 | CVE-2021-20168 | Improper Authentication vulnerability in Netgear Rax43 Firmware 1.0.3.96 Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. | 6.8 |
| 2021-12-30 | CVE-2021-20169 | Cleartext Transmission of Sensitive Information vulnerability in Netgear Rax43 Firmware 1.0.3.96 Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. | 6.8 |