CVSS: 7.8 • EPSS: 0% • CPEs: 20 • EXPL: 0

26 Dec 2021 — Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40. • https://kb.netgear.com/000064063/Security-Advisory-for-Server-Side-Injection-on-Some-WiFi-Systems-PSV-2019-0126 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 20 • EXPL: 0

26 Dec 2021 — Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40. • https://kb.netgear.com/000064064/Security-Advisory-for-Server-Side-Injection-on-Some-WiFi-Systems-PSV-2019-0133 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 20 • EXPL: 0

26 Dec 2021 — Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40. • https://kb.netgear.com/000064065/Security-Advisory-for-Server-Side-Injection-on-Some-WiFi-Systems-PSV-2019-0134 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 10.0 • EPSS: 2% • CPEs: 72 • EXPL: 0

11 Aug 2021 — Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2 before 1.0.1.98, EX6150v2 before 1.0.1.98, EX6250 before 1.0.0.132, EX6400 before 1.0.2.158, EX6400v2 before 1.0.0.132, EX6410 before 1.0.0.132, EX6420 before 1.0.0.132, EX7300 before 1.0.2.158, EX7300v2 before 1.0.0.132, EX7320 before 1.0.0.132, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, R7800 before 1.0.2.78, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 befor... • https://kb.netgear.com/000063778/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Extenders-Routers-and-WiFi-Systems-PSV-2020-0025 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 10.0 • EPSS: 2% • CPEs: 20 • EXPL: 0

11 Aug 2021 — Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40. • https://kb.netgear.com/000063770/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2019-0151 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 8.8 • EPSS: 1% • CPEs: 86 • EXPL: 0

26 Feb 2021 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. • https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders • CWE-306: Missing Authentication for Critical Function

CVSS: 8.8 • EPSS: 0% • CPEs: 86 • EXPL: 0

26 Feb 2021 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can lev... • https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 86 • EXPL: 0

26 Feb 2021 — This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the conte... • https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders • CWE-295: Improper Certificate Validation

CVSS: 8.8 • EPSS: 0% • CPEs: 86 • EXPL: 0

25 Feb 2021 — This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of a hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. • https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders • CWE-259: Use of Hard-coded Password • CWE-798: Use of Hard-coded Credentials

CVSS: 8.8 • EPSS: 0% • CPEs: 86 • EXPL: 0

24 Feb 2021 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from a fallback to an insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308. • https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders • CWE-319: Cleartext Transmission of Sensitive Information