CVE-2020-26914
https://notcve.org/view.php?id=CVE-2020-26914
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. Determinados dispositivos NETGEAR, están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a D6200 versiones anteriores a 1.1.00.38, D7000 versiones anteriores a 1.0.1.78, JR6150 versiones anteriores a 1.0.1.24, R6020 versiones anteriores a 1.0.0.42, R6050 versiones anteriores a 1.0.1.24, R6080 versiones anteriores a 1.0.0.42, R6120 versiones anteriores a 1.0.0.66, R6220 versiones anteriores a 1.1.0.100, R6260 versiones anteriores a 1.1.0.64, R6700v2 versiones anteriores a 1.2.0.62, R6800 versiones anteriores a 1.2.0.62, R6900v2 versiones anteriores a 1.2.0.62, R7450 versiones anteriores a 1.2.0.62 y WNR2020 versiones anteriores a 1.1.0.62 • https://kb.netgear.com/000062339/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0014 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2020-26916
https://notcve.org/view.php?id=CVE-2020-26916
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.50, and WNR2020 before 1.1.0.62. Determinados dispositivos NETGEAR, están afectados por una configuración incorrecta de los ajustes de seguridad. Esto afecta a D6200 versiones anteriores a 1.1.00.38, D7000 versiones anteriores a 1.0.1.78, JR6150 versiones anteriores a 1.0.1.24, R6020 versiones anteriores a 1.0.0.42, R6050 versiones anteriores a 1.0.1.24, R6080 versiones anteriores a 1.0.0.42, R6120 versiones anteriores a 1.0.0.66, R6220 versiones anteriores a 1.1.0.100, R6260 versiones anteriores a 1.1.0.64, R6700v2 versiones anteriores a 1.2.0.62, R6800 versiones anteriores a 1.2.0.62, R6900v2 versiones anteriores a 1.2.0.62, R7450 versiones anteriores a 1.2.0.50 y WNR2020 versiones anteriores a 1.1.0.62 • https://kb.netgear.com/000062337/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2019-0012 •
CVE-2020-26927
https://notcve.org/view.php?id=CVE-2020-26927
Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.66, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. Determinados dispositivos NETGEAR, están afectados por una omisión de autenticación. Esto afecta a D6200 versiones anteriores a 1.1.00.40, D7000 versiones anteriores a 1.0.1.78, R6020 versiones anteriores a 1.0.0.42, R6080 versiones anteriores a 1.0.0.42, R6050 versiones anteriores a 1.0.1.26, JR6150 versiones anteriores a 1.0.1.26, R6120 versiones anteriores a 1.0.0.66, R6220 versiones anteriores a 1.1.0.100, R6260 versiones anteriores a 1.1.0.66, R6700v2 versiones anteriores a 1.2.0.62, R6800 versiones anteriores a 1.2.0.62, R6900v2 versiones anteriores a 1.2.0.62, AC2100 versiones anteriores a 1.2.0.62, AC2400 versiones anteriores a 1.2.0.62, AC2600 versiones anteriores a 1.2.0.62, R7450 versiones anteriores a 1.2.0.62 y WNR2020 versiones anteriores a 1.1.0.62 • https://kb.netgear.com/000062325/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2019-0109 •
CVE-2020-17409 – NETGEAR Multiple Routers mini_httpd Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-17409
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. • https://kb.netgear.com/000062304/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2020-0258 https://www.zerodayinitiative.com/advisories/ZDI-20-1176 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2020-13245
https://notcve.org/view.php?id=CVE-2020-13245
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P. Determinados dispositivos NETGEAR están afectados por una falta de comprobación del certificado SSL. Esto afecta a R7000 versiones 1.0.9.6_1.2.19 hasta 1.0.11.100_10.2.10, y posiblemente a R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500 y R7000P. • https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability https://www.netgear.com/about/security • CWE-295: Improper Certificate Validation •