Vulnerabilities > Netgear > Xr500 Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-08-11 CVE-2021-38534 Cross-site Scripting vulnerability in Netgear products
Certain NETGEAR devices are affected by stored XSS.
network
low complexity
netgear CWE-79
4.8
2021-08-11 CVE-2021-38538 Cross-site Scripting vulnerability in Netgear products
Certain NETGEAR devices are affected by stored XSS.
network
low complexity
netgear CWE-79
6.1
2021-08-11 CVE-2021-38525 Out-of-bounds Write vulnerability in Netgear products
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.
network
low complexity
netgear CWE-787
7.2
2021-08-11 CVE-2021-38527 Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.
network
low complexity
netgear CWE-77
critical
9.8
2021-08-11 CVE-2021-38514 Unspecified vulnerability in Netgear products
Certain NETGEAR devices are affected by authentication bypass.
network
low complexity
netgear
2.7
2021-08-11 CVE-2021-38516 Unspecified vulnerability in Netgear products
Certain NETGEAR devices are affected by lack of access control at the function level.
network
low complexity
netgear
critical
9.8
2021-04-14 CVE-2021-27253 Out-of-bounds Write vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800.
low complexity
netgear CWE-787
8.8
2021-04-14 CVE-2021-27252 OS Command Injection vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76.
low complexity
netgear CWE-78
8.8
2021-04-14 CVE-2021-27251 Cleartext Transmission of Sensitive Information vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800.
low complexity
netgear CWE-319
8.8
2021-03-23 CVE-2021-29069 Command Injection vulnerability in Netgear Wnr2000V5 Firmware, Xr450 Firmware and Xr500 Firmware
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-77
8.4