CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2019-20681
https://notcve.org/view.php?id=CVE-2019-20681
15 Apr 2020 — Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6050 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, and R6900v2 before 1.2.0.36. Determinados dispositivos NETGEAR están afectados por una omisión de autenticación. Esto afecta a D6200 versiones anteriores a 1.1.00.34, D7000 versiones anteriores a 1.0.1... • https://kb.netgear.com/000061458/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2018-0346 •
CVSS: 8.0EPSS: 0%CPEs: 42EXPL: 0CVE-2019-20680
https://notcve.org/view.php?id=CVE-2019-20680
15 Apr 2020 — Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000v2 before 1.0.0.53, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.46, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0... • https://kb.netgear.com/000061459/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0388 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 30EXPL: 0CVE-2019-20657
https://notcve.org/view.php?id=CVE-2019-20657
15 Apr 2020 — Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62. Determinados dispositivos NETGEAR están afectados por un ... • https://kb.netgear.com/000061482/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0619 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 30EXPL: 0CVE-2019-20656
https://notcve.org/view.php?id=CVE-2019-20656
15 Apr 2020 — Certain NETGEAR devices are affected by a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62. Determinados dispositivos NETGEAR están afectados por una contraseña embebida. ... • https://kb.netgear.com/000061483/Security-Advisory-for-Hardcoded-Password-on-Some-Routers-and-Gateways-PSV-2018-0623 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 34EXPL: 0CVE-2019-20640
https://notcve.org/view.php?id=CVE-2019-20640
15 Apr 2020 — Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3... • https://kb.netgear.com/000061504/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0304 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 0CVE-2020-11788
https://notcve.org/view.php?id=CVE-2020-11788
15 Apr 2020 — Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.68, PR2000 before 1.0.0.28, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, and R6900v2 before 1.2.0.36. Determinados dispositivos NETGEAR están afectados por una omisión de autenticación. Esto afecta a D6200 versiones anteriores a 1.1.00.34, D7000 versi... • https://kb.netgear.com/000061742/Security-Advisory-for-Authentication-Bypass-on-Some-Gateways-and-Routers-PSV-2018-0570 •
CVSS: 8.8EPSS: 3%CPEs: 60EXPL: 0CVE-2020-11770
https://notcve.org/view.php?id=CVE-2020-11770
15 Apr 2020 — Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, R6220 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.64, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6700v3 before 1.0.2.66, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1... • https://kb.netgear.com/000061760/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0352 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.4EPSS: 5%CPEs: 2EXPL: 1CVE-2019-17137 – NETGEAR AC1200 mini_httpd Poison Null Byte Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-17137
10 Oct 2019 — This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. • https://github.com/vncloudsco/CVE-2019-17137 • CWE-626: Null Byte Interaction Error (Poison Null Byte) •