Page 111 of 1148 results (0.015 seconds)

CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 3

CVE-2020-11549

https://notcve.org/view.php?id=CVE-2020-11549

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system. Se detectó un problema en NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 versión V2.5.1.106, Outdoor Satellite (RBS50Y) versión V2.5.1.106, y Pro Tri-Band Business WiFi Router (SRR60) AC3000 versión V2.5.1.106. La cuenta root presenta la misma contraseña que el componente Web-admin. • https://github.com/modzero/MZ-20-02-NETGEAR-Orbi-Security https://www.modzero.com/advisories/MZ-20-02-Netgear-Orbi-Pro-Security.txt https://www.modzero.com/modlog/archives/2020/05/18/how_netgear_meshed_up_wifi_for_business/index.html • CWE-798: Use of Hard-coded Credentials •

CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 3

CVE-2020-11550

https://notcve.org/view.php?id=CVE-2020-11550

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK). Se detectó un problema en NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 versión V2.5.1.106, Outdoor Satellite (RBS50Y) versión V2.5.1.106, y Pro Tri-Band Business WiFi Router (SRR60) AC3000 versión V2.5.1.106. La interfaz administrativa SOAP, permite un filtrado remoto no autenticado de información de Wi-Fi confidencial/arbitraria, tales como SSID y Pre-Shared-Keys (PSK). • https://github.com/modzero/MZ-20-02-NETGEAR-Orbi-Security https://www.modzero.com/advisories/MZ-20-02-Netgear-Orbi-Pro-Security.txt https://www.modzero.com/modlog/archives/2020/05/18/how_netgear_meshed_up_wifi_for_business/index.html •

CVSS: 9.6EPSS: 0%CPEs: 6EXPL: 3

CVE-2020-11551

https://notcve.org/view.php?id=CVE-2020-11551

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi configuration data such as authentication details (e.g., the Web-admin password), network settings, DNS settings, system administration interface configuration, etc. Se ha detectado un problema en NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 versión V2.5.1.106, Outdoor Satellite (RBS50Y) versión V2.5.1.106, y Pro Tri-Band Business WiFi Router (SRR60) AC3000 versión V2.5.1.106. La interfaz administrativa SOAP, permite una escritura remota no autenticada de datos de configuración Wi-Fi arbitrarios, tales como detalles de autenticación (por ejemplo, la contraseña de Web-admin), ajustes de red, ajustes de DNS, configuración de la interfaz de administración del sistema, etc. • https://github.com/modzero/MZ-20-02-NETGEAR-Orbi-Security https://www.modzero.com/advisories/MZ-20-02-Netgear-Orbi-Pro-Security.txt https://www.modzero.com/modlog/archives/2020/05/18/how_netgear_meshed_up_wifi_for_business/index.html • CWE-287: Improper Authentication CWE-330: Use of Insufficiently Random Values •

CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 0

CVE-2017-18864

https://notcve.org/view.php?id=CVE-2017-18864

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R6900P before 1.0.0.56, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7900 before 1.0.1.18, R8300 before 1.0.2.104, and R8500 before 1.0.2.104. Determinados dispositivos NETGEAR están afectados por un desbordamiento de búfer por parte de un atacante no autenticado. Esto afecta a R6400 versiones anteriores a 1.0.1.24, R6400v2 versiones anteriores a 1.0.2.32, R6700 versiones anteriores a 1.0.1.22, R6900 versiones anteriores a 1.0.1.22, R7000 versiones anteriores a 1.0.9.4, R7000P versiones anteriores a 1.0.0. 56, R6900P versiones anteriores a 1.0.0.56, R7100LG versiones anteriores a 1.0.0.32, R7300 versiones anteriores a 1.0.0.54, R7900 versiones anteriores a 1.0.1.18, R8300 versiones anteriores a 1.0.2.104, y R8500 versiones anteriores a 1.0.2.104. • https://kb.netgear.com/000051495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Routers-PSV-2017-0791 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2017-18865

https://notcve.org/view.php?id=CVE-2017-18865

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104. Determinados dispositivos de NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a R8300 versiones anteriores a 1.0.2.104 y a R8500 versiones anteriores a 1.0.2.104. • https://kb.netgear.com/000051485/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-R8300-and-R8500-PSV-2017-2228 • CWE-787: Out-of-bounds Write •