Vulnerabilities > Netgear > Xr500 Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-26 | CVE-2021-45548 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.8 |
| 2021-12-26 | CVE-2021-45602 | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 7.8 |
| 2021-12-26 | CVE-2021-45640 | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 7.2 |
| 2021-12-26 | CVE-2021-45641 | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 8.8 |
| 2021-12-26 | CVE-2021-45642 | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 7.2 |
| 2021-08-11 | CVE-2021-38525 | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 7.2 |
| 2021-04-14 | CVE-2021-27253 | Out-of-bounds Write vulnerability in Netgear products This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. | 8.8 |
| 2021-04-14 | CVE-2021-27252 | OS Command Injection vulnerability in Netgear products This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. | 8.8 |
| 2021-04-14 | CVE-2021-27251 | Cleartext Transmission of Sensitive Information vulnerability in Netgear products This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. | 8.8 |
| 2021-03-23 | CVE-2021-29069 | Command Injection vulnerability in Netgear Wnr2000V5 Firmware, Xr450 Firmware and Xr500 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.4 |