CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-38452
https://notcve.org/view.php?id=CVE-2022-38452
A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. • https://kb.netgear.com/000065567/Security-Advisory-for-Post-authentication-Command-Injection-on-the-RBR750-PSV-2022-0186 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1595 • CWE-912: Hidden Functionality •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2022-37337
https://notcve.org/view.php?id=CVE-2022-37337
A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. • https://kb.netgear.com/000065417/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0187 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1596 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2022-36429
https://notcve.org/view.php?id=CVE-2022-36429
A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. • https://kb.netgear.com/000065424/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0188 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1597 • CWE-912: Hidden Functionality •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-38458
https://notcve.org/view.php?id=CVE-2022-38458
A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. • https://kb.netgear.com/000065428/Security-Advisory-for-Cleartext-Transmission-on-Some-Orbi-WiFi-Systems-PSV-2022-0189 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1598 • CWE-311: Missing Encryption of Sensitive Data CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.6EPSS: 0%CPEs: 14EXPL: 0CVE-2021-45502
https://notcve.org/view.php?id=CVE-2021-45502
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. Determinados dispositivos NETGEAR están afectados por una omisión de autenticación. Esto afecta a CBR750 versiones anteriores a 4.6.3.6, RBK752 versiones anteriores a 3.2.17.12, RBR750 versiones anteriores a 3.2.17.12, RBS750 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17.12 y RBS850 versiones anteriores a 3.2.17.12 • https://kb.netgear.com/000064126/Security-Advisory-for-Authentication-Bypass-on-Some-WiFi-Systems-PSV-2020-0473 •