CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35778
https://notcve.org/view.php?id=CVE-2020-35778
Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36. Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo CSRF. Esto afecta a GS716Tv3 versiones anteriores a 6.3.1.36 y GS724Tv4 versiones anteriores a 6.3.1.36. • https://kb.netgear.com/000062721/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Smart-Managed-Pro-Switches-PSV-2020-0368 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-5621
https://notcve.org/view.php?id=CVE-2020-5621
Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors. Una vulnerabilidad de tipo Cross-site request forgery (CSRF) en concentradores de conmutación NETGEAR (GS716Tv2 versiones de Firmware 5.4.2.30 y anteriores, y GS724Tv3 versiones de Firmware 5.4.2.30 y anteriores), permite a atacantes remotos secuestrar la autenticación de administradores y alterar la configuración del dispositivo por medio de vectores no especificados • http://jvn.jp/en/jp/JVN29903998/index.html https://jvn.jp/en/jp/JVN29903998/index.html https://www.netgear.com/support/product/gs716Tv2.aspx https://www.netgear.com/support/product/gs724tv3.aspx • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.7EPSS: 0%CPEs: 56EXPL: 0CVE-2017-18860
https://notcve.org/view.php?id=CVE-2017-18860
Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier. Determinados dispositivos NETGEAR están afectados por una ejecución de comandos de depuración. Esto afecta a FS752TP versiones 5.4.2.19 y anteriores, GS108Tv2 versiones 5.4.2.29 y anteriores, GS110TP versiones 5.4.2.29 y anteriores, GS418TPP versiones 6.6.2.6 y anteriores, GS510TLP versiones 6.6.2.6 y anteriores, GS510TP versiones 5.04.2.27 y anteriores, GS510TPP versiones 6.6.2.6 y anteriores, GS716Tv2 versiones 5.4.2.27 y anteriores, GS716Tv3 versiones 6.3.1.16 y anteriores, GS724Tv3 versiones 5.4.2.27 y anteriores, GS724Tv4 versiones 6.3.1.16 y anteriores, GS728TPSB versiones 5.3.0.29 y anteriores, GS728TSB versiones 5.3.0.29 y anteriores, GS728TXS versiones 6.1.0. 35 y anteriores, GS748Tv4 versiones 5.4.2.27 y anteriores, GS748Tv5 versiones 6.3.1.16 y anteriores, GS752TPSB versiones 5.3.0.29 y anteriores, GS752TSB versiones 5.3.0.29 y anteriores, GS752TXS versiones 6.1.0.35 y anteriores, M4200 versiones 12.0.2.10 y anteriores, M4300 versiones 12.0.2. 10 y anteriores, M5300 versiones 11.0.0.28 y anteriores, M6100 versiones 11.0.0.28 y anteriores, M7100 versiones 11.0.0.28 y anteriores, S3300 versiones 6.6.1.4 y anteriores, XS708T versiones 6.6.0.11 y anteriores, XS712T versiones 6.1.0.34 y anteriores, y XS716T versiones 6.6.0.11 y anteriores. • https://kb.netgear.com/000038519/Security-Advisory-for-Authentication-Bypass-and-Remote-Command-Execution-on-Some-Smart-and-Managed-Switches-PSV-2017-0857 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 95%CPEs: 11EXPL: 2CVE-2013-4776 – Netgear ProSafe - Denial of Service
https://notcve.org/view.php?id=CVE-2013-4776
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/. NETGEAR ProSafe GS724Tv3 y GS716Tv2 con firmware 5.4.1.13 y anteriores, GS748Tv4 5.4.1.14, y GS510TP 5.0.4.4 permite a atacantes remotos causar una denegación de servicio (reboot y crash) a través de una petición HTTP manipulada a filesystem/. • https://www.exploit-db.com/exploits/27775 http://www.encripto.no/forskning/whitepapers/Netgear_prosafe_advisory_aug_2013.pdf •
CVSS: 7.8EPSS: 61%CPEs: 24EXPL: 2CVE-2013-4775 – Netgear ProSafe - Information Disclosure
https://notcve.org/view.php?id=CVE-2013-4775
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config. NETGEAR ProSafe GS724Tv3 y GS716Tv2 con firmware 5.4.1.13 y anteriores; GS748Tv4 con firmware 5.4.1.14; GS510TP con firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, y GS725TS con firmware 5.3.0.17; y GS752TXS y GS728TXS con firmware 6.1.0.12 permite a atacantes remotos leer credenciales de administrador cifradas y otras configuraciones de inicio a través de una petición directa a filesystem/startup-config. • https://www.exploit-db.com/exploits/27774 http://www.encripto.no/forskning/whitepapers/Netgear_prosafe_advisory_aug_2013.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •