8 results (0.006 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password. • https://drupal9.tenable.com/security/research/tra-2023-10 https://github.com/advisories/GHSA-pvxx-rv48-qw5m • CWE-287: Improper Authentication •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. • https://tenable.com/security/research/tra-2023-9 •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device. • https://tenable.com/security/research/tra-2023-9 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device. • https://tenable.com/security/research/tra-2023-9 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. • https://tenable.com/security/research/tra-2023-9 • CWE-352: Cross-Site Request Forgery (CSRF) •