Vulnerabilities > Netgear > Wndap360 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-28 | CVE-2017-18863 | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command execution via a PHP form. | 7.1 |
| 2020-04-27 | CVE-2018-21097 | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 9.8 |
| 2020-04-27 | CVE-2018-21096 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 7.4 |
| 2020-04-27 | CVE-2018-21094 | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 7.3 |
| 2020-04-22 | CVE-2018-21120 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.0 |
| 2020-04-21 | CVE-2017-18805 | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection. | 6.7 |
| 2020-04-21 | CVE-2017-18806 | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection. | 6.7 |
| 2017-04-21 | CVE-2016-1557 | Information Exposure vulnerability in Netgear products Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. | 9.8 |
| 2017-04-21 | CVE-2016-1556 | Information Exposure vulnerability in Netgear products Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. | 7.5 |
| 2017-04-21 | CVE-2016-1555 | Command Injection vulnerability in Netgear products (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | 9.8 |