Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-11057

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-28 Apr, 2020 | 16:11
Updated At-06 Aug, 2024 | 03:47
Rejected At-
Credits

Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:28 Apr, 2020 | 16:11
Updated At:06 Aug, 2024 | 03:47
Rejected At:
▼CVE Numbering Authority (CNA)

Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management
x_refsource_CONFIRM
Hyperlink: https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management
x_refsource_CONFIRM
x_transferred
Hyperlink: https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:28 Apr, 2020 | 17:15
Updated At:06 May, 2020 | 19:57

Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

NETGEAR, Inc.
netgear
>>jnr1010_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jnr1010>>v2
cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jwnr2000_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:jwnr2000_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jwnr2000>>v5
cpe:2.3:h:netgear:jwnr2000:v5:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jwnr2010_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jwnr2010>>v5
cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6220_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6220>>-
cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr3700_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr3700>>v5
cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr1000_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr1000>>v4
cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2020_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2020>>-
cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2020_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2020>>v2
cpe:2.3:h:netgear:wnr2020:v2:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr614_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:wnr614_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr614>>-
cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr618_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:wnr618_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr618>>-
cpe:2.3:h:netgear:wnr618:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-managementcve@mitre.org
Vendor Advisory
Hyperlink: https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

476Records found

CVE-2019-17372
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.66% / 73.77%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 12:06
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6300v2_firmwarewn2500rpv2wgr614v10_firmwarer6200v2r6400_firmwarelg2200dr6200v2_firmwarer6300v2r7100lgr6900p_firmwarer8300r7100lg_firmwarer8500_firmwarewndr4500v2_firmwarer7000_firmwarewndr4500r6300_firmwared8500_firmwarewndr3700v3wndr4000wndr4000_firmwared8500r6700wn2500rpv2_firmwarer7000wnr3500l_firmwarejndr3000_firmwarer6900_firmwarer7900_firmwarewndr3400v2_firmwareac1450lg2200d_firmwarer6700_firmwarer8000_firmwarer6250r7300wndr3400v2r7300_firmwareac1450_firmwarer4500_firmwarer8000wndr4500v2r6900pr7900wnr1000v3wnr1000_firmwarer6250_firmwarer7000p_firmwarer6200_firmwaredc112ar8500wgr614v10r8300_firmwarewnr1000wndr4500_firmwarewndr3700v3_firmwarer6900r7000pr4500r6200jndr3000wnr1000v3_firmwarewnr3500ldc112a_firmwarer6300r6400n/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-38096
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-83.01% / 99.63%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:58
Updated-06 Feb, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability

NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-19718.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-prosafe_network_management_systemProSAFE Network Management Systemprosafe_network_management_system
CWE ID-CWE-287
Improper Authentication
CVE-2021-34865
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-3.08% / 86.06%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 15:30
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700v2_firmwarer6850_firmwarer7450_firmwarer6220_firmwareac2600ac2400r6900v2r7200_firmwarer6800r6900v2_firmwarer6260_firmwarer6260r6220r6330_firmwareac2400_firmwarer7350_firmwarer7400_firmwarer7200r6350_firmwarer6230r6330d7000v1r6230_firmwareac2100_firmwarer7400ac2100r6700v2r6850r6350r7350r7450d7000v1_firmwarer6800_firmwareac2600_firmwareMultiple Routers
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-697
Incorrect Comparison
CVE-2021-34977
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.15% / 62.86%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 21:44
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7000 1.0.11.116_10.2.100 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP requests. The issue results from the lack of proper authentication verification before performing a password reset. An attacker can leverage this vulnerability to reset the admin password. Was ZDI-CAN-13483.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r7000_firmwarer7000R7000
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2013-3072
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.11% / 79.55%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 18:11
Updated-06 Aug, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wndr4700_firmwarewndr4700n/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-3317
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.77% / 90.81%
||
7 Day CHG~0.00%
Published-29 Jan, 2020 | 21:18
Updated-06 Aug, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr1000_firmwarewnr1000n/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-6340
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-1.17% / 63.66%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 17:54
Updated-06 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wgr614v9_firmwarewgr614v7_firmwarewgr614v9wgr614v7n/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-3316
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.77% / 90.81%
||
7 Day CHG~0.00%
Published-29 Jan, 2020 | 21:15
Updated-06 Aug, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg".

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr1000_firmwarewnr1000n/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-57046
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.06% / 79.00%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 00:00
Updated-07 Jul, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgn2200_firmwaredgn2200n/a
CWE ID-CWE-287
Improper Authentication
CVE-2026-0405
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 24.85%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 16:00
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass in NETGEAR Orbi Devices

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rbse950_firmwarerbe770rbs860_firmwarerbe970_firmwarerbs840cbr750rbre960_firmwarerbe771_firmwarerbr860rbe970rbe772_firmwarerbe773_firmwarerbe770_firmwarerbr850_firmwarerbse960_firmwarerbre960rbse960rbe371rbs850rbr750rbs750_firmwarerbe374_firmwarerbse950rbre950rbr750_firmwarerbs860rbe373_firmwarerbe373rbe370_firmwarerbe971_firmwarerbe971rbr840cbr750_firmwarerbr840_firmwarenbr750_firmwarerbe371_firmwarerbr850rbe370rbe771rbe372_firmwarerbe773rbs850_firmwarerbe772rbs750rbr860_firmwarerbe372nbr750rbre950_firmwarerbe374rbs840_firmwareRBE771RBE374RBS860RBR850RBE970RBE772RBR750RBE770RBR860RBE373RBE372RBSE960RBE773RBE370RBS850RBRE960RBS840RBE971CBR750RBR840NBR750RBRE950RBSE950RBE371RBS750
CWE ID-CWE-287
Improper Authentication
CVE-2026-0407
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 13.24%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 16:01
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication bypass in NETGEAR WiFi Range Extenders via network adjacent attacks

An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-ex6110_firmwareex2800_firmwareex3110_firmwareex2800ex5000ex5000_firmwareex3110ex6110EX3110EX5000EX2800EX6110
CWE ID-CWE-287
Improper Authentication
CVE-2026-0408
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 13.50%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 16:01
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path traversal vulnerability in Netgear WiFi Range Extenders

A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-ex6110_firmwareex2800_firmwareex3110_firmwareex2800ex5000ex5000_firmwareex3110ex6110EX3110EX5000EX2800EX6110
CWE ID-CWE-287
Improper Authentication
CVE-2021-23147
Matching Score-6
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-6
Assigner-Tenable Network Security, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.36% / 28.44%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 21:31
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection and execute commands as the root user without authentication.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6700_firmwarer6700Netgear Nighthawk R6700
CWE ID-CWE-287
Improper Authentication
CVE-2011-1674
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.57% / 83.25%
||
7 Day CHG~0.00%
Published-10 Apr, 2011 | 01:29
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-prosafe_wnap210_firmwareprosafe_wnap210n/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-21121
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.67% / 47.48%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:21
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs810emx_firmwarexs724em_firmwarexs512em_firmwarexs512emxs724emgs810emxn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-27866
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-8.66% / 94.46%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 23:35
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6850_firmwarer6120r7450_firmwarer6220_firmwareac2600ac2400r6080_firmwarer7200_firmwarer6120_firmwarer6800r6260_firmwarer6260r6220r6020r6330_firmwareac2400_firmwarer7350_firmwarer7400_firmwarer6020_firmwarer7200r6350_firmwarer6080r6230r6700r6330r6800_firmwarer6230_firmwareac2100_firmwarer6900r6900_firmwarer7400ac2100r7450r6350r6850r6700_firmwarer7350ac2600_firmwareMultiple Routers
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2020-26921
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-0.76% / 50.59%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:28
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs810emx_firmwaregs110emxxs724em_firmwarexs512em_firmwaregs110emx_firmwarexs512emxs724emgs810emxn/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-3071
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.15% / 79.88%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 20:03
Updated-06 Aug, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wndr4700_firmwarewndr4700n/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-11551
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.65% / 73.65%
||
7 Day CHG~0.00%
Published-18 May, 2020 | 15:45
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi configuration data such as authentication details (e.g., the Web-admin password), network settings, DNS settings, system administration interface configuration, etc.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs50y_firmwaresrr60srs60_firmwaresrs60rbs50ysrr60_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2018-21128
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.73% / 49.63%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 17:32
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-21125
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.67% / 47.48%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:50
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication bypass.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac510_firmwarewac510n/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-21118
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.67% / 47.48%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:09
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr500_firmwarexr500n/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-1327
Matching Score-6
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-6
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 54.51%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 00:00
Updated-27 Feb, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax30_firmwarerax30Netgear RAX30 (AX2400)
CWE ID-CWE-287
Improper Authentication
CVE-2022-47209
Matching Score-6
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-6
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-0.48% / 38.09%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax30_firmwarerax30NETGEAR Nighthawk WiFi6 Router
CWE ID-CWE-287
Improper Authentication
CVE-2017-18772
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 44.56%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:47
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500ex6130_firmwarer6700r8000r7000ex3800_firmwarewnr2000_firmwarer7900r6900ex3700r8500_firmwarer7300dst_firmwarer6900_firmwareex3800r7900_firmwarer7000_firmwareex3700_firmwarer6300r7300dstex6120r6300_firmwarer6700_firmwareex6130ex6120_firmwarewnr2000r8000_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-18733
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 44.56%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:22
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R7100LG before 1.0.0.32, R7300DST before 1.0.0.52, R8300 before 1.0.2.94, and R8500 before 1.0.2.100.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500d8500r8300_firmwarer6400_firmwarer7100lgd6400d6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwared6400_firmwarer7300dstd6220_firmwarer6400d8500_firmwarer6250_firmwarer6250n/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-18862
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 40.45%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:54
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jgs524pexs716ejgs516pegs105pegs108e_firmwaregss108e_firmwaregss108egs105ejgs516pe_firmwaregs108egss116e_firmwaregs108pe_firmwarejgs524e_firmwarejgs524pe_firmwarejgs524egs108pexs716e_firmwaregs105e_firmwaregs116e_firmwaregs116egss116exs708e_firmwarexs708egs105pe_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-18850
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.36% / 27.61%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 13:51
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.44, R8300 before 1.0.2.100_1.0.82, and R8500 before 1.0.2.100_1.0.82.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r6400_firmwarer6900pr7100lgr7900r6900p_firmwared6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwarer7000_firmwared6400_firmwarer7300dstd6220_firmwared8500_firmwarer6250_firmwarer7000p_firmwarer8500d8500r6700r8300_firmwarer7000r6900d6400r7000pr6900_firmwarer7900_firmwarer6400r6700_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-35785
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-0.66% / 47.00%
||
7 Day CHG~0.00%
Published-29 Dec, 2020 | 23:40
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365).

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgn2200_firmwaredgn2200n/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-35231
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.07% / 60.71%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 18:14
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jgs516pe_firmwaregs116e_firmwaregs116ejgs516pen/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-2257
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-7.18% / 93.53%
||
7 Day CHG~0.00%
Published-30 Jun, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dg632n/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-18743
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 44.56%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 15:38
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500wndr3400_firmwarer6700r8300_firmwarer8000r6400_firmwarer7000wnr3500l_firmwarer7100lgr7900r6900wndr3400wnr3500lr8300r7100lg_firmwarer7300dst_firmwarer8500_firmwarer6900_firmwarer7900_firmwarer7000_firmwarer6300r7300dstr6400r6300_firmwarer6700_firmwarer8000_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-18776
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.41% / 33.08%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:43
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwared7800_firmwared7000wnr2020_firmwared7000_firmwarewnr2020r6220_firmwarewnr1000jwnr2010_firmwarewndr4500_firmwarejwnr2010d7800r6100_firmwarewnr2000_firmwarer7500wndr4300_firmwarer7500_firmwarewnr1000_firmwarewnr2050d6100_firmwarer6220d6100wndr4500wnr2050_firmwarer6100wndr4300jnr1010wnr2000n/a
CWE ID-CWE-287
Improper Authentication
CVE-2025-5495
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.80% / 52.27%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 12:31
Updated-11 Aug, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear WNR614 URL improper authentication

A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the input %00currentsetting.htm leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue appears to have been circulating as an 0day since 2024.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-wnr614_firmwarewnr614WNR614
CWE ID-CWE-287
Improper Authentication
CVE-2025-4978
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-17.58% / 96.77%
||
7 Day CHG+1.80%
Published-20 May, 2025 | 13:00
Updated-12 Jun, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear DGND3700 Basic Authentication BRS_top.html improper authentication

A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-dgnd3700_firmwaredgnd3700DGND3700
CWE ID-CWE-287
Improper Authentication
CVE-2021-20168
Matching Score-6
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-6
Assigner-Tenable Network Security, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.33% / 25.28%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 21:31
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default credentials are admin:admin.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax43_firmwarerax43Netgear RAX43
CWE ID-CWE-287
Improper Authentication
CVE-2017-18732
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.68% / 47.93%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:23
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-plw1000_firmwareplw1010plw1010_firmwarer6300r6300_firmwareplw1000n/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-18720
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 44.56%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:15
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-20833
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.49% / 70.91%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:49
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfn/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-10434
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.84% / 53.37%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 820 and SD 820A, the input to RPMB write response function is a buffer from HLOS that needs to be authenticated (using HMAC) and then processed. However, some of the processing occurs before the buffer is authenticated. The function will return various types of errors depending on the values of the `response` and `result` fields of the buffer before verifying the HMAC tag.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_820sd_820a_firmwaresd_820_firmwaresd_820aSnapdragon Automobile, Snapdragon Mobile
CWE ID-CWE-287
Improper Authentication
CVE-2016-11042
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.71%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 12:54
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. There is a SIM Lock bypass. The Samsung ID is SVE-2016-5381 (June 2016).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-26975
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 56.54%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 11:34
Updated-03 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.

Action-Not Available
Vendor-barcon/a
Product-control_room_management_suiten/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-20464
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.67% / 73.91%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 15:32
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating.

Action-Not Available
Vendor-sanncen/asannce
Product-smart_hd_wifi_security_camera_ean_2_950004_595317smart_hd_wifi_security_camera_ean_2_950004_595317_firmwaren/asmart_hd_wifi_security_camera_ean_2_950004_595317_firmware
CWE ID-CWE-287
Improper Authentication
CVE-2016-1000214
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.08% / 60.95%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ruckus Wireless H500 web management interface authentication bypass

Action-Not Available
Vendor-ruckusn/a
Product-wireless_h500n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2026-8737
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.40% / 32.21%
||
7 Day CHG~0.00%
Published-17 May, 2026 | 06:45
Updated-18 May, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sanluan PublicCMS Trade Address Query TradeAddressListDirective.java execute missing authentication

A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java of the component Trade Address Query Handler. Executing a manipulation of the argument userId/id can lead to missing authentication. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Sanluan
Product-PublicCMS
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2016-0883
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.88% / 54.76%
||
7 Day CHG~0.00%
Published-18 Sep, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-operations_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2026-8031
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.39% / 31.41%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:00
Updated-07 May, 2026 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication

A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit is now public and may be used. Upgrading to version 5.7.1 is sufficient to fix this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Action-Not Available
Vendor-PicoTronica
Product-e-Clinic Healthcare System ECHS
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-8214
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.40% / 32.21%
||
7 Day CHG~0.00%
Published-10 May, 2026 | 00:15
Updated-11 May, 2026 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Industrial Application Software IAS Canias ERP RMI doAction improper authentication

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Industrial Application Software IAS
Product-Canias ERP
CWE ID-CWE-287
Improper Authentication
CVE-2016-0796
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.02% / 59.08%
||
7 Day CHG~0.00%
Published-28 Jul, 2022 | 16:35
Updated-05 Aug, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a target site from behind vulnerable website or to perform otherwise restricted actions and subsequently download files with the extension mp3, mp4a, wav and ogg from anywhere the web server application has read access to the system. WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files version 1.7.6 is vulnerable; prior versions may also be affected.

Action-Not Available
Vendor-mb.miniaudioplayer_projectn/a
Product-mb.miniaudioplayerWordPress Plugin mb.miniAudioPlayer-an
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2019-20481
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.59% / 43.76%
||
7 Day CHG~0.00%
Published-24 Feb, 2020 | 14:35
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.

Action-Not Available
Vendor-mielen/a
Product-xgw_3000_zigbee_gatewayxgw_3000_zigbee_gateway_firmwaren/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 9
  • 10
  • Next
Details not found