CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2022-24655
https://notcve.org/view.php?id=CVE-2022-24655
18 Mar 2022 — A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication. Se presenta una vulnerabilidad de desbordamiento de pila en el servicio upnpd de Netgear EX6100v1 versión 201.0.2.28, CAX80 versión 2.1.2.6 y DC112A versión 1.0.0.62, que puede conllevar a una ejecución de código arbitrario sin autenticación • https://github.com/doudoudedi/Netgear_product_stack_overflow/blob/main/NETGEAR%20EX%20series%20upnpd%20stack_overflow.md • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 1CVE-2021-44261
https://notcve.org/view.php?id=CVE-2021-44261
17 Mar 2022 — A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device. Se presenta una vulnerabilidad en la página "BRS_top.html" del Netgear W104, versión WAC104-V1.0.4.13, que puede permitir a un atacante remoto acceder a esta página sin ninguna autenticación. Cuando es procesado, expone la información de la versión del firmware del... • https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_W104_unauthorized_access_vulnerability_first.md • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 1CVE-2021-44262
https://notcve.org/view.php?id=CVE-2021-44262
17 Mar 2022 — A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device. Se presenta una vulnerabilidad en la página "MNU_top.htm" del Netgear W104, versión WAC104-V1.0.4.13, que puede permitir a un atacante remoto acceder a esta página sin ninguna autenticación. Cuando es procesado, expone determinada información clave para el dispositivo • https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_W104_unauthorized_access_vulnerability_second.md • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-46382
https://notcve.org/view.php?id=CVE-2021-46382
04 Mar 2022 — Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking. Una vulnerabilidad de tipo cross-site scripting (XSS) no autenticado en Netgear WAC120 AC Access Point puede conllevar a múltiples ataques como el secuestro de sesión e incluso el secuestro del portapapeles • https://drive.google.com/drive/folders/1NOIoT8yE_HDoLVYhchml5E2Za3Oo6V9Y?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20175
https://notcve.org/view.php?id=CVE-2021-20175
30 Dec 2021 — Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface (port 5000) is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext Netgear Nighthawk R6700 versión 1.0.4.120, no usa métodos de comunicación seguros para la interfaz SOAP. De forma predeterminada, toda la comunicación hacia/desde la interfaz SOAP del dispositi... • https://www.tenable.com/security/research/tra-2021-57 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20174
https://notcve.org/view.php?id=CVE-2021-20174
30 Dec 2021 — Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface. By default, all communication to/from the device's web interface is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext. Netgear Nighthawk R6700 versión 1.0.4.120, no usa métodos de comunicación seguros con la interfaz web. Por defecto, toda la comunicación hacia/desde la interfaz web del dispositivo es enviada por medio de H... • https://www.tenable.com/security/research/tra-2021-57 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2021-20173
https://notcve.org/view.php?id=CVE-2021-20173
30 Dec 2021 — Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values. Netgear Nighthawk R6700 versión 1.0.4.120, contiene una vulnerabilidad de inyección de comandos en la funcionalidad update del dispositivo. Al desencadenar una comprobación de actualización del sistema por medio de la interfaz SOAP, el dispositivo es susc... • https://www.tenable.com/security/research/tra-2021-57 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-45077
https://notcve.org/view.php?id=CVE-2021-45077
30 Dec 2021 — Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. Netgear Nighthawk R6700 versión 1.0.4.120, almacena información confidencial en texto plano. Todos los nombres de usuario y las contraseñas de los servicios asociados al dispositivo se almacenan en texto plano en el dis... • https://www.tenable.com/security/research/tra-2021-57 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-23147
https://notcve.org/view.php?id=CVE-2021-23147
30 Dec 2021 — Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection and execute commands as the root user without authentication. Netgear Nighthawk R6700 versión 1.0.4.120, no presenta suficientes protecciones para la consola UART. Un actor malicioso con acceso físico al dispositivo puede conectarse al puerto UART por medio de una conexión serie y ejecutar comando... • https://www.tenable.com/security/research/tra-2021-57 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-45732
https://notcve.org/view.php?id=CVE-2021-45732
30 Dec 2021 — Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed. Netgear Nighthawk R6700 versión 1.0.4.120, usa una credencial ... • https://www.tenable.com/security/research/tra-2021-57 • CWE-798: Use of Hard-coded Credentials •