CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2022-27644 – NETGEAR R6700v3 Improper Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2022-27644
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324 https://www.zerodayinitiative.com/advisories/ZDI-22-520 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2021-45499
https://notcve.org/view.php?id=CVE-2021-45499
Certain NETGEAR devices are affected by authentication bypass. This affects R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. Determinados dispositivos NETGEAR están afectados por una omisión de autenticación. Esto afecta a R6900P versiones anteriores a 1.3.3.140, a R7000P versiones anteriores a 1.3.3.140, a R7900P versiones anteriores a 1.4.2.84, a R7960P versiones anteriores a 1.4.2.84, a R8000P versiones anteriores a 1.4.2.84, a RAX75 versiones anteriores a 1.0.3.106 y a RAX80 versiones anteriores a 1.0.3.106 • https://kb.netgear.com/000064445/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2019-0027 •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 0CVE-2021-45530
https://notcve.org/view.php?id=CVE-2021-45530
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7000 before 1.0.11.126, R7960P before 1.4.2.84, R8000 before 1.0.4.74, RAX200 before 1.0.4.120, R8000P before 1.4.2.84, RAX20 before 1.0.2.82, RAX45 before 1.0.2.82, RAX80 before 1.0.4.120, R7900P before 1.4.2.84, RAX15 before 1.0.2.82, RAX50 before 1.0.2.82, and RAX75 before 1.0.4.120. Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer por parte de un usuario autenticado. Esto afecta a R7000 versiones anteriores a 1.0.11.126, a R7960P versiones anteriores a 1.4.2.84, a R8000 versiones anteriores a 1.0.4.74, a RAX200 versiones anteriores a 1.0.4.120, a R8000P versiones anteriores a 1.4.2.84, a RAX20 versiones anteriores a 1.0.2.82, a RAX45 versiones anteriores a 1.0.2.82, a RAX80 versiones anteriores a 1.0.4.120, a RAX80 versiones anteriores a 1.0.4.120. 0.2.82, RAX45 versiones anteriores a 1.0.2.82, RAX80 versiones anteriores a 1.0.4.120, R7900P versiones anteriores a 1.4.2.84, RAX15 versiones anteriores a 1.0.2.82, RAX50 versiones anteriores a 1.0.2.82 y RAX75 versiones anteriores a 1.0.4.120 • https://kb.netgear.com/000064486/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0320 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.4EPSS: 0%CPEs: 18EXPL: 0CVE-2021-45535
https://notcve.org/view.php?id=CVE-2021-45535
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.3.106, RAX80 before 1.0.3.106, RAX75 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a RAX200 versiones anteriores a 1.0.3.106, RAX80 versiones anteriores a 1.0.3.106, RAX75 versiones anteriores a 1.0.3.106, RBK752 versiones anteriores a 3.2.16.6, RBR750 versiones anteriores a 3.2.16.6, RBS750 versiones anteriores a 3.2.16.6, RBK852 versiones anteriores a 3.2.16.6, RBR850 versiones anteriores a 3.2.16.6 y RBS850 versiones anteriores a 3.2.16.6 • https://kb.netgear.com/000064457/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0052 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.4EPSS: 0%CPEs: 16EXPL: 0CVE-2021-45536
https://notcve.org/view.php?id=CVE-2021-45536
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a RAX75 versiones anteriores a 1.0.3.106, RAX80 versiones anteriores a 1.0.3.106, RBK752 versiones anteriores a 3.2.16.6, RBR750 versiones anteriores a 3.2.16.6, RBS750 versiones anteriores a 3.2.16.6, RBK852 versiones anteriores a 3.2.16.6, RBR850 versiones anteriores a 3.2.16.6 y RBS850 versiones anteriores a 3.2.16.6 • https://kb.netgear.com/000064080/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0056 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •