Page 5 of 124 results (0.008 seconds)

CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324 https://www.zerodayinitiative.com/advisories/ZDI-22-523 • CWE-121: Stack-based Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324 https://www.zerodayinitiative.com/advisories/ZDI-22-520 • CWE-295: Improper Certificate Validation •

CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0

Certain NETGEAR devices are affected by authentication bypass. This affects R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. Determinados dispositivos NETGEAR están afectados por una omisión de autenticación. Esto afecta a R6900P versiones anteriores a 1.3.3.140, a R7000P versiones anteriores a 1.3.3.140, a R7900P versiones anteriores a 1.4.2.84, a R7960P versiones anteriores a 1.4.2.84, a R8000P versiones anteriores a 1.4.2.84, a RAX75 versiones anteriores a 1.0.3.106 y a RAX80 versiones anteriores a 1.0.3.106 • https://kb.netgear.com/000064445/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2019-0027 •

CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0

Certain NETGEAR devices are affected by authentication bypass. This affects R7000P before 1.3.3.140 and R8000 before 1.0.4.68. Determinados dispositivos NETGEAR están afectados por la omisión de autenticación. Esto afecta a R7000P versiones anteriores a 1.3.3.140 y a R8000 versiones anteriores a 1.0.4.68 • https://kb.netgear.com/000064070/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2019-0183 •

CVSS: 9.8EPSS: 0%CPEs: 42EXPL: 0

Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RS400 before 1.5.0.48, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50. Determinados dispositivos NETGEAR están afectados por una criptografía débil. Esto afecta a D7000v2 versiones anteriores a 1.0.0.62, D8500 versiones anteriores a 1.0.3.50, EX3700 versiones anteriores a 1.0.0.84, EX3800 versiones anteriores a 1.0.0.84, EX6120 versiones anteriores a 1.0.0. 54, EX6130 versiones anteriores a 1.0.0.36, EX7000 versiones anteriores a 1.0.1.90, R6250 versiones anteriores a 1.0.4.42, R6400v2 versiones anteriores a 1.0.4.98, R6700v3 versiones anteriores a 1.0.4.98, R6900P versiones anteriores a 1. 3.2.124, R7000 versiones anteriores a 1.0.11.106, R7000P versiones anteriores a 1.3.2.124, R7100LG versiones anteriores a 1.0.0.56, R7900 versiones anteriores a 1.0.4.26, R8000 versiones anteriores a 1.0.4. 58, R8300 versiones anteriores a 1.0.2.134, R8500 versiones anteriores a 1.0.2.134, RS400 versiones anteriores a 1.5.0.48, WNR3500Lv2 versiones anteriores a 1.2.0.62 y XR300 versiones anteriores a 1.0.3.50 • https://kb.netgear.com/000064117/Security-Advisory-for-Broken-Cryptography-on-Some-Routers-and-Extenders-PSV-2020-0134 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •