CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 1CVE-2021-44261
https://notcve.org/view.php?id=CVE-2021-44261
17 Mar 2022 — A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device. Se presenta una vulnerabilidad en la página "BRS_top.html" del Netgear W104, versión WAC104-V1.0.4.13, que puede permitir a un atacante remoto acceder a esta página sin ninguna autenticación. Cuando es procesado, expone la información de la versión del firmware del... • https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_W104_unauthorized_access_vulnerability_first.md • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-44262
https://notcve.org/view.php?id=CVE-2021-44262
17 Mar 2022 — A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device. Se presenta una vulnerabilidad en la página "MNU_top.htm" del Netgear W104, versión WAC104-V1.0.4.13, que puede permitir a un atacante remoto acceder a esta página sin ninguna autenticación. Cuando es procesado, expone determinada información clave para el dispositivo • https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_W104_unauthorized_access_vulnerability_second.md • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38532
https://notcve.org/view.php?id=CVE-2021-38532
10 Aug 2021 — NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect configuration of security settings. Los dispositivos NETGEAR WAC104 versiones anteriores a 1.0.4.15, están afectados por una configuración incorrecta de los ajustes de seguridad • https://kb.netgear.com/000063787/Security-Advisory-for-Security-Misconfiguration-on-WAC104-PSV-2021-0124 •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2021-35973
https://notcve.org/view.php?id=CVE-2021-35973
30 Jun 2021 — NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permis... • https://gynvael.coldwind.pl/?lang=en&id=736 • CWE-697: Incorrect Comparison •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35788
https://notcve.org/view.php?id=CVE-2020-35788
29 Dec 2020 — NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user. Los dispositivos NETGEAR WAC104 versiones anteriores a 1.0.4.13, están afectados por un desbordamiento del búfer por parte de un usuario autenticado. • https://kb.netgear.com/000062719/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-WAC104-PSV-2020-0319 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •