CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-17409 – NETGEAR Multiple Routers mini_httpd Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-17409
15 Sep 2020 — This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose ... • https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 8.8EPSS: 0%CPEs: 58EXPL: 0CVE-2017-18703
https://notcve.org/view.php?id=CVE-2017-18703
24 Apr 2020 — Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.4... • https://kb.netgear.com/000053199/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-Gateways-and-Extenders-PSV-2017-0736 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-18719
https://notcve.org/view.php?id=CVE-2017-18719
24 Apr 2020 — Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.1.00.26, R6080 before 1.1.00.26; R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un atacante no autenticado. Esto afecta a D6200 versiones anteriores a la versión 1.1.00.24, R6020 versiones anteriores ... • https://kb.netgear.com/000052278/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Routers-PSV-2017-2150 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2017-18726
https://notcve.org/view.php?id=CVE-2017-18726
24 Apr 2020 — Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un atacante no autenticado. Esto afecta a R6020 versiones anteriores a la versión 1.0.0.30, R6080 versiones anteriores a la versión 1.0.0.30, R670... • https://kb.netgear.com/000051529/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2139 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2017-18729
https://notcve.org/view.php?id=CVE-2017-18729
24 Apr 2020 — Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6120 before 1.0.0.36, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un atacante no autenticado. Esto afecta a D6200 versiones anteriores a la versión 1.1.00.24, R6020 ... • https://kb.netgear.com/000051526/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2135 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2017-18730
https://notcve.org/view.php?id=CVE-2017-18730
24 Apr 2020 — Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6120 before 1.0.0.36, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un atacante no autenticado. Esto afecta a D6200 versiones anteriores a la versión 1.1.00.24, R6020 ... • https://kb.netgear.com/000051525/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2134 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 114EXPL: 0CVE-2018-21139
https://notcve.org/view.php?id=CVE-2018-21139
23 Apr 2020 — Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.58, D6200 before 1.1.00.30, D6220 before 1.0.0.46, D6400 before 1.0.0.82, D7000 before 1.0.1.68, D7000v2 before 1.0.0.51, D7800 before 1.0.1.42, D8500 before 1.0.3.42, DC112A before 1.0.0.40, DGN2200Bv4 before 1.0.0.102, DGN2200v4 before 1.0.0.102, JNR1010v2 before 1.1.0.54, JR6150 before 1.0.1.18, JWNR2010v5 before 1.1.0.54, PR2000 before 1.0.0.24, R6020 ... • https://kb.netgear.com/000060220/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Smart-Cradles-PSV-2017-2198 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.4EPSS: 0%CPEs: 36EXPL: 0CVE-2017-18779
https://notcve.org/view.php?id=CVE-2017-18779
22 Apr 2020 — Certain NETGEAR devices are affected by a buffer overflow. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1... • https://kb.netgear.com/000049541/Security-Advisory-for-Buffer-Overflow-on-Some-Routers-PSV-2017-2956 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.2EPSS: 0%CPEs: 36EXPL: 0CVE-2017-18780
https://notcve.org/view.php?id=CVE-2017-18780
22 Apr 2020 — Certain NETGEAR devices are affected by denial of service. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1... • https://kb.netgear.com/000049539/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-2955 •
CVSS: 8.8EPSS: 0%CPEs: 36EXPL: 0CVE-2017-18781
https://notcve.org/view.php?id=CVE-2017-18781
22 Apr 2020 — Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, JR6150 before 1.0.1.12, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. Determ... • https://kb.netgear.com/000049538/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2017-2954 • CWE-352: Cross-Site Request Forgery (CSRF) •