CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0CVE-2020-28373
https://notcve.org/view.php?id=CVE-2020-28373
09 Nov 2020 — upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44. upnpd en determinados dispositivos NETGEAR permite a atacantes remotos (LAN) ejecutar código arbitrario por ... • https://github.com/cpeggg/Netgear-upnpd-poc • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 30EXPL: 1CVE-2020-13245
https://notcve.org/view.php?id=CVE-2020-13245
28 May 2020 — Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P. Determinados dispositivos NETGEAR están afectados por una falta de comprobación del certificado SSL. Esto afecta a R7000 versiones 1.0.9.6_1.2.19 hasta 1.0.11.100_10.2.10, y posiblemente a R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6... • https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability • CWE-295: Improper Certificate Validation •