CVSS: 6.8EPSS: 0%CPEs: 60EXPL: 0CVE-2021-45550
https://notcve.org/view.php?id=CVE-2021-45550
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.78, D6100 before 1.0.0.63, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300 before 1.0.0.70, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, WNDR3400v3 before 1.0.1.24, WNR3500Lv2 before 1.2.0.62, and XR500 before 2.3.2.56. Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.76, D6000 versiones anteriores a 1.0.0.78, D6100 versiones anteriores a 1.0.0.63, D6220 versiones anteriores a 1.0.0.52, D6400 versiones anteriores a 1.0.0.86, D7800 versiones anteriores a 1.0.1.56, D8500 versiones anteriores a 1.0.3.44, DGN2200Bv4 versiones anteriores a 1. 0.0.109, DGN2200v4 versiones anteriores a 1.0.0.110, R6250 versiones anteriores a 1.0.4.34, R6300v2 versiones anteriores a 1.0.4.34, R6400 versiones anteriores a 1.0.1.46, R6400v2 versiones anteriores a 1.0.2.66, R6700 versiones anteriores a 1.0.2.6, R6700v3 versiones anteriores a 1.0. 2.66, R6900 versiones anteriores a 1.0.2.4, R6900P versiones anteriores a 1.3.1.64, R7000 versiones anteriores a 1.0.9.42, R7000P versiones anteriores a 1.3.1.64, R7100LG versiones anteriores a 1.0.0.50, R7300 versiones anteriores a 1.0.0.70, R7900 versiones anteriores a 1.0.3.8, R7900P versiones anteriores a 1. 4.1.30, R8000 versiones anteriores a 1.0.4.28, R8000P versiones anteriores a 1.4.1.30, R8300 versiones anteriores a 1.0.2.128, R8500 versiones anteriores a 1.0.2.128, WNDR3400v3 versiones anteriores a 1.0.1.24, WNR3500Lv2 versiones anteriores a 1.2.0.62 y XR500 versiones anteriores a 2.3.2.56 • https://kb.netgear.com/000064049/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2018-0376 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2021-45609
https://notcve.org/view.php?id=CVE-2021-45609
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6250 before 1.0.4.48, R7000 before 1.0.11.116, R7100LG before 1.0.0.64, R7900 before 1.0.4.38, R8300 before 1.0.2.144, R8500 before 1.0.2.144, XR300 before 1.0.3.68, R7000P before 1.3.2.132, and R6900P before 1.3.2.132. Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer por parte de un atacante no autenticado. Esto afecta a D8500 versiones anteriores a 1.0.3.58, a R6250 versiones anteriores a 1.0.4.48, a R7000 versiones anteriores a 1.0.11.116, a R7100LG versiones anteriores a 1.0.0.64, a R7900 versiones anteriores a 1.0.4.38, a R8300 versiones anteriores a 1.0.2.144, a R8500 versiones anteriores a 1.0.2.144, al XR300 versiones anteriores a 1.0.3.68, a R7000P versiones anteriores a 1.3.2.132 y a R6900P versiones anteriores a 1.3.2.132 • https://kb.netgear.com/000064483/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0274 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 56EXPL: 0CVE-2021-45610
https://notcve.org/view.php?id=CVE-2021-45610
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.66, D6400 before 1.0.0.100, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.52, DGN2200v4 before 1.0.0.118, EAX80 before 1.0.1.64, R6250 before 1.0.4.48, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R7960P before 1.4.1.64, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, R6400v2 before 1.0.4.106, R7000P before 1.3.2.132, R8000P before 1.4.1.64, RAX20 before 1.0.2.82, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, R6700v3 before 1.0.4.106, R6900P before 1.3.2.132, R7900P before 1.4.1.64, RAX15 before 1.0.2.82, RAX50 before 1.0.2.82, and RAX75 before 1.0.3.106. Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer por parte de un atacante no autenticado. Esto afecta a D8500 versiones anteriores a 1.0.3.58, a R6250 versiones anteriores a 1.0.4.48, a R7000 versiones anteriores a 1.0.11.116, a R7100LG versiones anteriores a 1.0.0.64, a R7900 versiones anteriores a 1.0.4.38, a R8300 versiones anteriores a 1.0.2.144, a R8500 versiones anteriores a 1.0.2.144, al XR300 versiones anteriores a 1.0.3.68, a R7000P versiones anteriores a 1.3.2.132 y a R6900P versiones anteriores a 1.3.2.132 • https://kb.netgear.com/000064487/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0322 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 96EXPL: 0CVE-2021-45621
https://notcve.org/view.php?id=CVE-2021-45621
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68. Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un atacante no autenticado. Esto afecta a CBR40 versiones anteriores a 2.5.0.24, CBR750 versiones anteriores a 3.2.18.2, EAX20 versiones anteriores a 1.0.0.58, EAX80 versiones anteriores a 1.0.1.68, EX3700 versiones anteriores a 1.0.0.94, EX3800 versiones anteriores a 1.0.0. 94, EX6120 versiones anteriores a 1.0.0.64, EX6130 versiones anteriores a 1.0.0.44, EX7000 versiones anteriores a 1.0.1.104, EX7500 versiones anteriores a 1.0.0.74, LAX20 versiones anteriores a 1.1.6.28, MR60 versiones anteriores a 1.0.6.116, MS60 versiones anteriores a 1.0. 6.116, R6300v2 versiones anteriores a 1.0.4.52, R6400 versiones anteriores a 1.0.1.70, R6400v2 versiones anteriores a 1.0.4.106, R6700v3 versiones anteriores a 1.0.4.106, R6900P versiones anteriores a 1.3.3.140, R7000 versiones anteriores a 1.0.11. 126, R7000P versiones anteriores a 1.3.3.140, R7100LG versiones anteriores a 1.0.0.72, R7850 versiones anteriores a 1.0.5.74, R7900 versiones anteriores a 1.0.4.46, R7900P versiones anteriores a 1.4.2.84, R7960P versiones anteriores a 1.4.2.84, R8000 versiones anteriores a 1. 0.4.74, R8000P versiones anteriores a 1.4.2.84, R8300 versiones anteriores a 1.0.2.154, R8500 versiones anteriores a 1.0.2.154, RAX15 versiones anteriores a 1.0.3.96, RAX20 versiones anteriores a 1.0.3.96, RAX200 versiones anteriores a 1.0.4. 120, RAX35v2 versiones anteriores a 1.0.3.96, RAX40v2 versiones anteriores a 1.0.3.96, RAX43 versiones anteriores a 1.0.3.96, RAX45 versiones anteriores a 1.0.3.96, RAX50 versiones anteriores a 1.0.3.96, RAX75 versiones anteriores a 1.0.4.120, RAX80 versiones anteriores a 1. 0.4.120, RBK752 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBR750 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2. 17.12, RBS750 versiones anteriores a 3.2.17.12, RBS850 versiones anteriores a 3.2.17.12, RBS850 versiones anteriores a 3.2.17.12, RS400 versiones anteriores a 1.5.1.80, XR1000 versiones anteriores a 1.0.0.58 y XR300 versiones anteriores a 1.0.3.68 • https://kb.netgear.com/000064523/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0562 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2021-45624
https://notcve.org/view.php?id=CVE-2021-45624
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R8000 before 1.0.4.62, XR300 before 1.0.3.56, R7000P before 1.3.2.132, R8500 before 1.0.2.144, R6900P before 1.3.2.132, and R8300 before 1.0.2.144. Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un atacante no autenticado. Esto afecta a D7000v2 versiones anteriores a 1.0.0.66, D8500 versiones anteriores a 1.0.3.58, R7000 versiones anteriores a 1.0.11.110, R7100LG versiones anteriores a 1.0.0.72, R7900 versiones anteriores a 1.0.4.30, R8000 versiones anteriores a 1. 0.4.62, XR300 versiones anteriores a 1.0.3.56, R7000P versiones anteriores a 1.3.2.132, R8500 versiones anteriores a 1.0.2.144, R6900P versiones anteriores a 1.3.2.132 y R8300 versiones anteriores a 1.0.2.144 • https://kb.netgear.com/000064485/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-PSV-2020-0298 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •