CVSS: 6.0EPSS: 0%CPEs: 34EXPL: 0CVE-2020-11768
https://notcve.org/view.php?id=CVE-2020-11768
15 Apr 2020 — Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. Determinados dispositivos NETGEAR están afectados... • https://kb.netgear.com/000061762/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0533 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 22EXPL: 0CVE-2019-20767
https://notcve.org/view.php?id=CVE-2019-20767
15 Apr 2020 — Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before 1.0.0.58, WNDR4300 before 1.0.2.104, WNDR3700v4 before 1.0.2.102, and WNR2000v5 before 1.0.0.66. Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por par... • https://kb.netgear.com/000060632/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Modem-Routers-PSV-2018-0116 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-12513 – Stored XSS via DHCP Discover Request Hostname
https://notcve.org/view.php?id=CVE-2019-12513
24 Feb 2020 — In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious hostname. This log entry may then be viewed at Advanced settings->Administration->Logs to trigger the exploit. Although this value is inserted into a textarea tag, converted to all-caps, and limited in length, attacks ... • https://www.ise.io/casestudies/sohopelessly-broken-2-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-12512 – Stored XSS via X-Forwarded-For Header During Incorrect Login
https://notcve.org/view.php?id=CVE-2019-12512
24 Feb 2020 — In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanced settings->Administration->Logs, and may trigger when the page is viewed. Although this value is inserted into a textarea tag, the attack simply needs to supply a closing textarea tag. En NETGEAR Nighthawk X10-R90... • https://www.ise.io/casestudies/sohopelessly-broken-2-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-12511 – Root Command Injection via MAC Address in SOAP API
https://notcve.org/view.php?id=CVE-2019-12511
24 Feb 2020 — In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled, and a valid authentication JWT, additional vulnerabilities (CVE-2019-12510) allow an attacker to interact with the entire SOAP API without authentication. Additionally, DNS rebinding techniques may be used to expl... • https://www.ise.io/casestudies/sohopelessly-broken-2-0 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-12510 – Auth Bypass Via X-Forwarded-For Header in SOAP API
https://notcve.org/view.php?id=CVE-2019-12510
24 Feb 2020 — In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a result, an attacker may modify almost all of the device's settings and view various configuration settings. En NETGEAR Nighthawk X10-R900 versiones anteriores a 1.0.4.26, un atacante puede omitir todas las verificaciones de autenticación... • https://www.ise.io/casestudies/sohopelessly-broken-2-0 • CWE-345: Insufficient Verification of Data Authenticity •