Page 9 of 107 results (0.011 seconds)

CVSS: 9.1EPSS: 0%CPEs: 16EXPL: 0

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RS400 before 1.5.1.80, R6400v2 before 1.0.4.102, R7000P before 1.3.2.126, R6700v3 before 1.0.4.102, and R6900P before 1.3.2.126. Determinados dispositivos NETGEAR están afectados por una divulgación de información confidencial. Esto afecta a R7000 versiones anteriores a 1.0.11.110, R7900 versiones anteriores a 1.0.4.30, R8000 versiones anteriores a 1.0.4.62, RS400 versiones anteriores a 1.5.1.80, R6400v2 versiones anteriores a 1.0.4.102, R7000P versiones anteriores a 1.3.2.126, R6700v3 versiones anteriores a 1.0.4.102 y a R6900P versiones anteriores a 1.3.2.126 • https://kb.netgear.com/000064459/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-PSV-2020-0117 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 60EXPL: 0

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7000 before 1.0.11.116, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R7000P before 1.3.2.126, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R6900P before 1.3.2.126, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6. Determinados dispositivos NETGEAR están afectados por un ataque de tipo XSS almacenado. Esto afecta a CBR40 versiones anteriores a 2.5.0.10, EAX20 versiones anteriores a 1.0.0.48, EAX80 versiones anteriores a 1.0.1.64, EX6120 versiones anteriores a 1.0.0.64, EX6130 versiones anteriores a 1.0.0.44, EX7500 versiones anteriores a 1.0.0.72, R7000 versiones anteriores a 1.0.11 116, R7900 versiones anteriores a 1.0.4.38, R8000 versiones anteriores a 1.0.4.68, RAX200 versiones anteriores a 1.0.3.106, RBS40V versiones anteriores a 2.6.1.4, RBW30 versiones anteriores a 2.6.1.4, EX3700 versiones anteriores a 1.0.0.90, MR60 versiones anteriores a 1.0.6.110, R7000P versiones anteriores a 1.3.2. 126, RAX20 versiones anteriores a 1.0.2.82, RAX45 versiones anteriores a 1.0.2.72, RAX80 versiones anteriores a 1.0.3.106, EX3800 versiones anteriores a 1.0.0.90, MS60 versiones anteriores a 1.0.6.110, R6900P versiones anteriores a 1.3.2.126, RAX15 versiones anteriores a 1.0.2.82, RAX50 versiones anteriores a 1. 0.2.72, RAX75 versiones anteriores a 1.0.3.106, RBR750 versiones anteriores a 3.2.16.6, RBR850 versiones anteriores a 3.2.16.6, RBS750 versiones anteriores a 3.2.16.6, RBS850 versiones anteriores a 3.2.16.6, RBK752 versiones anteriores a 3.2.16.6 y RBK852 versiones anteriores a 3.2.16.6 • https://kb.netgear.com/000064480/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0255 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 16EXPL: 0

Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, R7000P before 1.3.3.140, RAX80 before 1.0.3.106, R6900P before 1.3.3.140, and RAX75 before 1.0.3.106. Determinados dispositivos NETGEAR están afectados por un ataque de tipo XSS almacenado. Esto afecta a R7000 versiones anteriores a 1.0.11.110, a R7900 versiones anteriores a 1.0.4.30, a R8000 versiones anteriores a 1.0.4.62, a RAX200 versiones anteriores a 1.0.3.106, a R7000P versiones anteriores a 1.3.3.140, a RAX80 versiones anteriores a 1.0.3.106, a R6900P versiones anteriores a 1.3.3.140 y a RAX75 versiones anteriores a 1.0.3.106 • https://kb.netgear.com/000064456/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0

Certain NETGEAR devices are affected by privilege escalation. This affects R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, and RS400 before 1.5.1.80. Determinados dispositivos NETGEAR están afectados por una escalada de privilegios. Esto afecta a R6900P versiones anteriores a 1.3.3.140, a R7000 versiones anteriores a 1.0.11.126, a R7000P versiones anteriores a 1.3.3.140 y a RS400 versiones anteriores a 1.5.1.80 • https://kb.netgear.com/000064528/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Routers-PSV-2021-0043 •

CVSS: 8.8EPSS: 0%CPEs: 88EXPL: 0

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168 https://www.zerodayinitiative.com/advisories/ZDI-21-1303 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •