CVSS: 8.4EPSS: 0%CPEs: 24EXPL: 0CVE-2021-29081
https://notcve.org/view.php?id=CVE-2021-29081
23 Mar 2021 — Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región ... • https://kb.netgear.com/000063012/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-WiFi-Systems-PSV-2020-0465 • CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 0%CPEs: 26EXPL: 0CVE-2021-29082
https://notcve.org/view.php?id=CVE-2021-29082
23 Mar 2021 — Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30 before 2.6.1.4, RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBK754 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK854 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. Determinados dispositivos NETGEAR están afectados por una divulgación de información confidencial... • https://kb.netgear.com/000063005/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-WiFi-Systems-PSV-2020-0037 •
CVSS: 9.9EPSS: 0%CPEs: 168EXPL: 0CVE-2021-29068
https://notcve.org/view.php?id=CVE-2021-29068
23 Mar 2021 — Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before... • https://kb.netgear.com/000063021/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0155 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35233
https://notcve.org/view.php?id=CVE-2020-35233
10 Mar 2021 — The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack. El servidor TFTP no puede manejar múltiples conexiones en dispositivos NETGEAR JGS516PE/GS116Ev2 versión v2.6.0.43 y permite a atacantes externos forzar el reinicio del dispositivo mediante el envío conexiones simultáneas, también se conoce como un ataque de denegación de servicio • https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35231
https://notcve.org/view.php?id=CVE-2020-35231
10 Mar 2021 — The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device. La implementación del protocolo NSDP en dispositivos NETGEAR JGS516PE/GS116Ev2 v2.6.0.43, está afectada por un problema de autenticación que permite a un atacante omitir los controles de acceso y obtener el control total del dispositivo • https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35230
https://notcve.org/view.php?id=CVE-2020-35230
10 Mar 2021 — Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack. Se encontraron varios parámetros de desbordamiento de enteros en el panel de administración web de los dispositivos NETGEAR JGS516PE/GS116Ev2 versión v2.6.0.43. La mayoría de los parámetros enteros enviados por medio del servidor web pueden ser abusados para causar un ... • https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35229
https://notcve.org/view.php?id=CVE-2020-35229
10 Mar 2021 — The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges. El token de autenticación requerido para ejecutar peticiones de escritura NSDP en dispositivos NETGEAR JGS516PE/GS116Ev2 versión v2.6.0.43, no era apropiadamente comprobado y puede ser reutilizado hasta que un nuevo tok... • https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches • CWE-384: Session Fixation •
CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35228
https://notcve.org/view.php?id=CVE-2020-35228
10 Mar 2021 — A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el panel de administración web de los dispositivos NETGEAR JGS516PE/GS116Ev2 versión v2.6.0.43, permite a atacantes remotos inyectar código web arbitrario o HTML por medio del parámetro language • https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35227
https://notcve.org/view.php?id=CVE-2020-35227
10 Mar 2021 — A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command. Una vulnerabilidad de desbordamiento del búfer en la sección de control de acceso de los dispositivos NETGEAR JGS516PE/GS116Ev2 versión v2.6.0.43, (en el panel de administración web) permite a un atacante inyectar direcciones IP en la lista blanca por med... • https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35226
https://notcve.org/view.php?id=CVE-2020-35226
10 Mar 2021 — NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command. Los dispositivos NETGEAR JGS516PE/GS116Ev2 versión v2.6.0.43, permiten a usuarios no autenticados modificar la configuración DHCP del switch mediante el envío del comando de petición de escritura correspondiente • https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches • CWE-306: Missing Authentication for Critical Function •