CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-30280
https://notcve.org/view.php?id=CVE-2023-30280
Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the getInputData parameter of the fwSchedule.cgi page. • https://github.com https://www.netgear.com/about/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-38452
https://notcve.org/view.php?id=CVE-2022-38452
A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. • https://kb.netgear.com/000065567/Security-Advisory-for-Post-authentication-Command-Injection-on-the-RBR750-PSV-2022-0186 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1595 • CWE-912: Hidden Functionality •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2022-37337
https://notcve.org/view.php?id=CVE-2022-37337
A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. • https://kb.netgear.com/000065417/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0187 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1596 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2022-36429
https://notcve.org/view.php?id=CVE-2022-36429
A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. • https://kb.netgear.com/000065424/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0188 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1597 • CWE-912: Hidden Functionality •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-38458
https://notcve.org/view.php?id=CVE-2022-38458
A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. • https://kb.netgear.com/000065428/Security-Advisory-for-Cleartext-Transmission-on-Some-Orbi-WiFi-Systems-PSV-2022-0189 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1598 • CWE-311: Missing Encryption of Sensitive Data CWE-319: Cleartext Transmission of Sensitive Information •