CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 0CVE-2020-26908
https://notcve.org/view.php?id=CVE-2020-26908
09 Oct 2020 — Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6050 before 1.0.1.22, JR6150 before 1.0.1.22, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R69002 before 1.2.0.62, and WNR2020 before 1.1.0.62. Determinados dispositivos NETGEAR, están afectados por una omisión de autenti... • https://kb.netgear.com/000062346/Security-Advisory-for-Authentication-Bypass-Some-Modems-and-Routers-PSV-2019-0001 •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2020-26911
https://notcve.org/view.php?id=CVE-2020-26911
09 Oct 2020 — Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. Determinados dispositivos NETGEAR, están afectados por una falta de control de... • https://kb.netgear.com/000062342/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Routers-PSV-2019-0016 •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2020-26912
https://notcve.org/view.php?id=CVE-2020-26912
09 Oct 2020 — Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. Determinados dispositivos NETGEAR, están afectados por una vulnerabilidad de tipo CSRF. Esto afecta a D6200 versi... • https://kb.netgear.com/000062341/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2019-0018 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 28EXPL: 0CVE-2020-26914
https://notcve.org/view.php?id=CVE-2020-26914
09 Oct 2020 — Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. Determinados dispositivos NETGEAR, están afectados por una inyección de comandos... • https://kb.netgear.com/000062339/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0014 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.3EPSS: 0%CPEs: 28EXPL: 0CVE-2020-26916
https://notcve.org/view.php?id=CVE-2020-26916
09 Oct 2020 — Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.50, and WNR2020 before 1.1.0.62. Determinados dispositivos NETGEAR, están afectados por una configuración incor... • https://kb.netgear.com/000062337/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2019-0012 •
CVSS: 9.8EPSS: 0%CPEs: 34EXPL: 0CVE-2020-26927
https://notcve.org/view.php?id=CVE-2020-26927
09 Oct 2020 — Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.66, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. Determinados dispositivos NET... • https://kb.netgear.com/000062325/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2019-0109 •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-26929
https://notcve.org/view.php?id=CVE-2020-26929
09 Oct 2020 — Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100. Determinados dispositivos NETGEAR, están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a R6220 versiones anteriores a 1.1.0.100 y R6230 versiones anteriores a 1.1.0.100 • https://kb.netgear.com/000062323/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0011 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-17409 – NETGEAR Multiple Routers mini_httpd Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-17409
15 Sep 2020 — This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose ... • https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.5EPSS: 0%CPEs: 120EXPL: 0CVE-2016-11059
https://notcve.org/view.php?id=CVE-2016-11059
28 Apr 2020 — Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before... • https://kb.netgear.com/27253/NETGEAR-Product-Vulnerability-Advisory-Authentication-Bypass-and-Information-Disclosure-on-Home-Routers • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2016-11057
https://notcve.org/view.php?id=CVE-2016-11057
28 Apr 2020 — Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06. Determinados dispositivos de NETGEAR están afectados por el manejo inapropiado de llamadas URL repetidas. Esto afecta a JNR1010v2 hasta el ... • https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management • CWE-287: Improper Authentication •