CVSS: 10.0EPSS: 0%CPEs: 80EXPL: 0CVE-2021-45622
https://notcve.org/view.php?id=CVE-2021-45622
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400 before 1.0.1.70, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68. Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un atacante no autenticado. Esto afecta a CBR40 versiones anteriores a 2.5.0.24, CBR750 versiones anteriores a 4.6.3.6, EAX20 versiones anteriores a 1.0.0.58, EAX80 versiones anteriores a 1.0.1.68, EX7500 versiones anteriores a 1.0.0.74, LAX20 versiones anteriores a 1.1.6.28, MK62 versiones anteriores a 1.0.6.116, MR60 versiones anteriores a 1.0.6.116, MS60 versiones anteriores a 1.0.6.116, R6400 versiones anteriores a 1.0.1. 70, R6400v2 versiones anteriores a 1.0.4.118, R6700v3 versiones anteriores a 1.0.4.118, R6900P versiones anteriores a 1.3.3.140, R7000 versiones anteriores a 1.0.11.116, R7000P versiones anteriores a 1.3.3.140, R7850 versiones anteriores a 1.0.5.68, R7900 versiones anteriores a 1.0.4.38, R7900P versiones anteriores a 1.4.2.84, R7960P versiones anteriores a 1.4.2.84, R8000 versiones anteriores a 1.0.4. 68, R8000P versiones anteriores a 1.4.2.84, RAX15 versiones anteriores a 1.0.3.96, RAX20 versiones anteriores a 1.0.3.96, RAX200 versiones anteriores a 1.0.4.120, RAX35v2 versiones anteriores a 1.0.3.96, RAX40v2 versiones anteriores a 1.0.3.96, RAX43 versiones anteriores a 1.0.3.96, RAX45 versiones anteriores a 1.0.3.96, RAX50 versiones anteriores a 1.0.3.96, RAX75 versiones anteriores a 1.0.4. 120, RAX80 versiones anteriores a 1.0.4.120, RBK752 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBR750 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17.12, RBS750 versiones anteriores a 3.2.17.12, RBS850 versiones anteriores a 3.2.17.12, RS400 versiones anteriores a 1.5.1.80, XR1000 versiones anteriores a 1.0.0.58 y XR300 versiones anteriores a 1.0.3.68 • https://kb.netgear.com/000064509/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extender-WiFi-Systems-PSV-2020-0506 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-45625
https://notcve.org/view.php?id=CVE-2021-45625
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects XR300 before 1.0.3.68, R7000P before 1.3.3.140, and R6900P before 1.3.3.140. Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un atacante no autenticado. Esto afecta a XR300 versiones anteriores a 1.0.3.68, R7000P versiones anteriores a 1.3.3.140 y R6900P versiones anteriores a 1.3.3.140 • https://kb.netgear.com/000064489/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-PSV-2020-0371 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 68EXPL: 0CVE-2021-45647
https://notcve.org/view.php?id=CVE-2021-45647
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.68, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. Determinados dispositivos NETGEAR están afectados por una divulgación de información confidencial. Esto afecta a EAX80 versiones anteriores a 1.0.1.62, EX7000 versiones anteriores a 1.0.1.104, R6120 versiones anteriores a 1.0.0.76, R6220 versiones anteriores a 1.1.0.110, R6230 versiones anteriores a 1.1.0.110, R6260 versiones anteriores a 1.1.0.78, R6850 versiones anteriores a 1.1.0.78, R6350 versiones anteriores a 1.1.0. 78, R6330 versiones anteriores a 1.1.0.78, R6800 versiones anteriores a 1.2.0.76, R6900v2 versiones anteriores a 1.2.0.76, R6700v2 versiones anteriores a 1.2.0.76, R7000 versiones anteriores a 1.0.11.116, R6900P versiones anteriores a 1.3.3.140, R7000P versiones anteriores a 1.3.3.140, R7200 versiones anteriores a 1.2.0.76, R7350 versiones anteriores a 1. 2.0.76, R7400 versiones anteriores a 1.2.0.76, R7450 versiones anteriores a 1.2.0.76, AC2100 versiones anteriores a 1.2.0.76, AC2400 versiones anteriores a 1.2.0.76, AC2600 versiones anteriores a 1.2.0.76, R7900 versiones anteriores a 1.0.4.38, R7960P versiones anteriores a 1.4.1.66, R8000 versiones anteriores a 1.0.4.68, R7900P versiones anteriores a 1. 4.1.66, R8000P versiones anteriores a 1.4.1.66, RAX15 versiones anteriores a 1.0.2.82, RAX20 versiones anteriores a 1.0.2.82, RAX200 versiones anteriores a 1.0.3.106, RAX45 versiones anteriores a 1.0.2.72, RAX50 versiones anteriores a 1.0.2.72, RAX75 versiones anteriores a 1.0.3.106 y RAX80 versiones anteriores a 1.0.3.106 • https://kb.netgear.com/000064118/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Extenders-PSV-2020-0184 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 16EXPL: 0CVE-2021-45673
https://notcve.org/view.php?id=CVE-2021-45673
Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, R7000P before 1.3.3.140, RAX80 before 1.0.3.106, R6900P before 1.3.3.140, and RAX75 before 1.0.3.106. Determinados dispositivos NETGEAR están afectados por un ataque de tipo XSS almacenado. Esto afecta a R7000 versiones anteriores a 1.0.11.110, a R7900 versiones anteriores a 1.0.4.30, a R8000 versiones anteriores a 1.0.4.62, a RAX200 versiones anteriores a 1.0.3.106, a R7000P versiones anteriores a 1.3.3.140, a RAX80 versiones anteriores a 1.0.3.106, a R6900P versiones anteriores a 1.3.3.140 y a RAX75 versiones anteriores a 1.0.3.106 • https://kb.netgear.com/000064456/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0CVE-2021-45679
https://notcve.org/view.php?id=CVE-2021-45679
Certain NETGEAR devices are affected by privilege escalation. This affects R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, and RS400 before 1.5.1.80. Determinados dispositivos NETGEAR están afectados por una escalada de privilegios. Esto afecta a R6900P versiones anteriores a 1.3.3.140, a R7000 versiones anteriores a 1.0.11.126, a R7000P versiones anteriores a 1.3.3.140 y a RS400 versiones anteriores a 1.5.1.80 • https://kb.netgear.com/000064528/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Routers-PSV-2021-0043 •