CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2022-27644 – NETGEAR R6700v3 Improper Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2022-27644
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324 https://www.zerodayinitiative.com/advisories/ZDI-22-520 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2021-45544
https://notcve.org/view.php?id=CVE-2021-45544
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a R7850 versiones anteriores a 1.0.5.74, a R7900P versiones anteriores a 1.4.2.84, a R7960P versiones anteriores a 1.4.2.84, a R8000 versiones anteriores a 1.0.4.74, a R8000P versiones anteriores a 1.4.2.84, a RAX200 versiones anteriores a 1. 0.4.120, RAX75 versiones anteriores a 1.0.4.120, RAX80 versiones anteriores a 1.0.4.120, RBK852 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17.12 y RBS850 versiones anteriores a 3.2.17.12 • https://kb.netgear.com/000064518/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0556 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.4EPSS: 0%CPEs: 22EXPL: 0CVE-2021-45545
https://notcve.org/view.php?id=CVE-2021-45545
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a R7850 versiones anteriores a 1.0.5.74, a R7900P versiones anteriores a 1.4.2.84, a R7960P versiones anteriores a 1.4.2.84, a R8000 versiones anteriores a 1.0.4.74, a R8000P versiones anteriores a 1.4.2.84, a RAX200 versiones anteriores a 1. 0.4.120, RAX75 versiones anteriores a 1.0.4.120, RAX80 versiones anteriores a 1.0.4.120, RBK852 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17.12 y RBS850 versiones anteriores a 3.2.17.12 • https://kb.netgear.com/000064522/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0557 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2021-45546
https://notcve.org/view.php?id=CVE-2021-45546
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, and RBS850 before 3.2.17.12. Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a R7850 versiones anteriores a 1.0.5.74, a R7900P versiones anteriores a 1.4.2.84, a R7960P versiones anteriores a 1.4.2.84, a R8000 versiones anteriores a 1.0.4.74, a R8000P versiones anteriores a 1.4.2.84, a RAX200 versiones anteriores a 1.0.4.120, a RAX75 versiones anteriores a 1.0.4. 120, RAX80 versiones anteriores a 1.0.4.120, RBK752 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBR750 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17.12, RBS750 versiones anteriores a 3.2.17.12 y RBS850 versiones anteriores a 3.2.17.12 • https://kb.netgear.com/000064524/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0566 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2021-45547
https://notcve.org/view.php?id=CVE-2021-45547
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, and RBS850 before 3.2.17.12. Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a R7850 versiones anteriores a 1.0.5.74, a R7900P versiones anteriores a 1.4.2.84, a R7960P versiones anteriores a 1.4.2.84, a R8000 versiones anteriores a 1.0.4.74, a R8000P versiones anteriores a 1.4.2.84, a RAX200 versiones anteriores a 1.0.4.120, a RAX75 versiones anteriores a 1.0.4. 120, RAX80 versiones anteriores a 1.0.4.120, RBK752 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBR750 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17.12, RBS750 versiones anteriores a 3.2.17.12 y RBS850 versiones anteriores a 3.2.17.12 • https://kb.netgear.com/000064525/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0567 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •