Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-18737

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Apr, 2020 | 16:05
Updated At-05 Aug, 2024 | 21:37
Rejected At-
Credits

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Apr, 2020 | 16:05
Updated At:05 Aug, 2024 | 21:37
Rejected At:
▼CVE Numbering Authority (CNA)

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.08.8HIGH
CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000051518/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Extenders-PSV-2017-2140
x_refsource_CONFIRM
Hyperlink: https://kb.netgear.com/000051518/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Extenders-PSV-2017-2140
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000051518/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Extenders-PSV-2017-2140
x_refsource_CONFIRM
x_transferred
Hyperlink: https://kb.netgear.com/000051518/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Extenders-PSV-2017-2140
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Apr, 2020 | 17:15
Updated At:23 Apr, 2020 | 22:22

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.08.8HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.05.8MEDIUM
AV:A/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:A/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
NETGEAR, Inc.
netgear
>>jnr1010_firmware>>Versions before 1.1.0.44(exclusive)
cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jnr1010>>v2
cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jr6150_firmware>>Versions before 1.0.1.10(exclusive)
cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jr6150>>-
cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jwnr2010_firmware>>Versions before 1.1.0.44(exclusive)
cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jwnr2010>>v5
cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>pr2000_firmware>>Versions before 1.0.0.18(exclusive)
cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>pr2000>>-
cpe:2.3:h:netgear:pr2000:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6050_firmware>>Versions before 1.0.1.10(exclusive)
cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6050>>-
cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6220_firmware>>Versions before 1.1.0.50(exclusive)
cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6220>>-
cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6700_firmware>>Versions before 1.2.0.4(exclusive)
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6700>>v2
cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6800_firmware>>Versions before 1.2.0.4(exclusive)
cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6800>>-
cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6900_firmware>>Versions before 1.2.0.4(exclusive)
cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6900>>v2
cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr3700_firmware>>Versions before 1.1.0.48(exclusive)
cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr3700>>v5
cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr1000_firmware>>Versions before 1.1.0.44(exclusive)
cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr1000>>v4
cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2020_firmware>>Versions before 1.1.0.44(exclusive)
cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2020>>-
cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2050_firmware>>Versions before 1.1.0.44(exclusive)
cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2050>>-
cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-74Primarynvd@nist.gov
CWE ID: CWE-74
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.netgear.com/000051518/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Extenders-PSV-2017-2140cve@mitre.org
Vendor Advisory
Hyperlink: https://kb.netgear.com/000051518/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Extenders-PSV-2017-2140
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

273Records found
CVE-2018-21113
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.40%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:38
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.42, R6100 before 1.0.1.28, R7500 before 1.0.0.130, R7500v2 before 1.0.3.36, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer8900r9000_firmwarewndr3700r8900_firmwarewndr3700_firmwarewndr4500_firmwared7800r6100_firmwarer9000r7500wndr4300_firmwarer7500_firmwarer7800d6100_firmwared6100wndr4500r6100wndr4300r7800_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2018-21208
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.70% / 71.08%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:30
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7500_firmwared6100_firmwared6100wndr4500r6100wndr4300wndr4500_firmwarer6100_firmwarer7500wndr4300_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2018-21123
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.70% / 71.08%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:48
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wc7500_firmwarewc7520wc7500wc7520_firmwarewc7600_firmwarewc7600n/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2017-18734
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.13%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:20
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewnr2020_firmwarewndr3700wnr2020r6700r6220_firmwarewndr3700_firmwarepr2000wnr1000jwnr2010r6900r6800wnr1000_firmwarer6900_firmwarer6050_firmwarer6050pr2000_firmwarewnr2050r6220jr6150jr6150_firmwarewnr2050_firmwarejnr1010r6700_firmwarer6800_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2017-18762
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.98%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:44
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6000_firmwarewndr3700wndr3700_firmwarer7000r6900pr6100_firmwarer7100lgwndr4500_firmwarewnr2000_firmwared6000r7000pwndr4300_firmwarer6900p_firmwared3600_firmwarer7100lg_firmwarer7000_firmwared6100_firmwared6100wndr4500d3600r6100wndr4300wnr2000r7000p_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2017-18736
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.98%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:12
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, and WNDR3700v5 before 1.1.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6800r6050_firmwarer6900_firmwarer6050r6900wndr3700r6220jr6150jr6150_firmwarer6700r6220_firmwarewndr3700_firmwarer6700_firmwarer6800_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-41314
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.65% / 87.39%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 22:00
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create (or overwrite) a file with specific content (e.g., the "2" string). This leads to admin session crafting and therefore gaining full web UI admin privileges by an unauthenticated attacker. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs710tup_firmwaregc108p_firmwaregs308tgs310tp_firmwaregs108tv3gs724tpgs110tupgs110tppgs716tppms510txup_firmwaregs752tppms510txupgs728tp_firmwaregs716tp_firmwarems510txm_firmwaregs728tpp_firmwarems510txmgs728tpgs110tpp_firmwaregs752tp_firmwaregc108pgs110tpgs716tpp_firmwaregs752tpgs710tupgc108ppgs308t_firmwaregs724tpp_firmwaregs110tup_firmwaregs724tppgs728tppgc108pp_firmwaregs752tpp_firmwaregs750egs110tp_firmwaregs750e_firmwaregs108t_firmwaregs716tpgs310tpgs724tp_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2017-18764
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.98%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:42
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewn3000rpwnr2020_firmwarewndr3700r6120wnr2020r6220_firmwarepr2000jwnr2010d7800r6100_firmwarer6120_firmwarewndr4300_firmwarer7500_firmwarer6800wnr1000_firmwarer6050pr2000_firmwared6100_firmwarer6220wndr4500r6100wn3000rp_firmwared7800_firmwared7000r9000_firmwared7000_firmwarer6700wndr3700_firmwarewnr1000wndr4500_firmwarewnr2000_firmwarer6900r7500r9000r6900_firmwarer6050_firmwarer7800wnr2050d6100jr6150_firmwarejr6150wnr2000wnr2050_firmwarewndr4300jnr1010r7800_firmwarer6700_firmwarer6800_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2017-18735
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.13%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:14
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, and R6900v2 before 1.2.0.4.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6800r6050_firmwarer6900_firmwarer6050pr2000_firmwarer6900jr6150jr6150_firmwarer6700pr2000r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2017-18855
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 49.85%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 13:14
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR WNR854T devices before 1.5.2 are affected by command execution.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr854twnr854t_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2022-47209
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.58%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax30_firmwarerax30NETGEAR Nighthawk WiFi6 Router
CWE ID-CWE-287
Improper Authentication
CVE-2018-21153
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.13%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 17:10
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.62, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn2000rpt_firmwarewn3000rpex6400_firmwareex7300_firmwarer8900_firmwared7800r6100_firmwareex6200dm200_firmwarewn3100rp_firmwareex8000wndr4300_firmwarer7500_firmwarewn3100rpwndr4500r6100ex7300ex6100wn3000rp_firmwared7800_firmwaredm200ex8000_firmwarer8900r9000_firmwarewndr4500_firmwarewnr2000_firmwareex2700ex6200_firmwareex6150r7500r9000wn2000rptr7800ex2700_firmwareex6100_firmwarewndr4300r7800_firmwareex6400wnr2000ex6150_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21224
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.47% / 63.48%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 16:28
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwared6000_firmwarewndr3700wndr3700_firmwarewndr4500_firmwared7800r6100_firmwarewnr2000_firmwared6000r9000r7500wndr4300_firmwared3600_firmwarer7500_firmwarewndr4500d3600r6100wndr4300wnr2000n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21125
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.93%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:50
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication bypass.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac510_firmwarewac510n/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-21203
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.22%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:11
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6100 before 1.0.1.20, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r9000_firmwarewndr3700wndr4500r6100wndr3700_firmwarewndr4300wndr4500_firmwarer6100_firmwarer9000wndr4300_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21170
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.03% / 8.41%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 17:35
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX2700 before 1.0.1.28, R7800 before 1.0.2.40, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn2000rpt_firmwarewn3000rp_firmwarer7800wn3000rpwn3100rpex2700_firmwarer7800_firmwareex2700wn2000rptwn3100rp_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21121
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.93%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:21
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs810emx_firmwarexs724em_firmwarexs512em_firmwarexs512emxs724emgs810emxn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-21130
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.70% / 70.97%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 17:35
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-21218
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.47% / 63.62%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:43
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwared6000_firmwarewndr3700wndr3700_firmwarewnr2000_firmwared7800r6100_firmwarewndr4500_firmwared6000r9000r7500wndr4300_firmwarer7500_firmwared3600_firmwared6100_firmwared6100wndr4500d3600r6100wndr4300wnr2000n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21124
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.86%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:49
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escalation.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-21117
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.24% / 46.89%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:00
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr500_firmwarexr500n/a
CVE-2018-21158
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.09%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 17:25
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R7800 devices before 1.0.2.46 are affected by incorrect configuration of security settings.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7800r7800_firmwaren/a
CVE-2018-21210
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.62%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:33
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn2000rpt_firmwarewn3000rp_firmwared7800_firmwarewn3000rpr900d6000_firmwarewndr3700wndr3700_firmwarer900_firmwared7800r6100_firmwarewndr4500_firmwareex2700d6000wn3100rp_firmwarewn2000rptwndr4300_firmwarer7500d3600_firmwarer7500_firmwarer7800wn3100rpex2700_firmwarewndr4500d3600r6100wndr4300r7800_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21226
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.93%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 16:39
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects JNR1010v2 before 1.1.0.48, JWNR2010v5 before 1.1.0.48, WNR1000v4 before 1.1.0.48, WNR2020 before 1.1.0.48, and WNR2050 before 1.1.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewnr1000_firmwarewnr2020_firmwarewnr2050wnr2020wnr2050_firmwarewnr1000jnr1010jwnr2010jwnr2010_firmwaren/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-21219
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.62%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:44
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwared6000_firmwarewndr3700wndr3700_firmwarewnr2000_firmwared7800r6100_firmwarewndr4500_firmwared6000r9000r7500wndr4300_firmwarer7500_firmwared3600_firmwared6100_firmwared6100wndr4500d3600r6100wndr4300wnr2000n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21216
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.23%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:42
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, and R6100 before 1.0.1.20.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwared6000_firmwared6100_firmwared6100d3600r6100r6100_firmwared6000n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21126
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.70% / 71.08%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:51
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-21221
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.37%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 16:23
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, and R9000 before 1.0.2.52.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwarer9000_firmwared6000_firmwared3600d6000r9000n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21217
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.37%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:42
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, and R6100 before 1.0.1.20.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwared6000_firmwared6100_firmwared6100d3600r6100r6100_firmwared6000n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21133
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.13%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 19:42
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21093
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.09% / 26.23%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 14:41
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.42, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300-2CXNAS before 1.0.3.60, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R7000P before 1.3.1.44, R6900P before 1.3.1.44, R7100LG before 1.0.0.46, R7300 before 1.0.0.68, R7900 before 1.0.2.10, R8000 before 1.0.4.18, R8000P before 1.3.0.10, R7900P before 1.3.0.10, R8500 before 1.0.2.122, R8300 before 1.0.2.122, RBW30 before 2.1.2.6, WN2500RPv2 before 1.0.0.54, and WNR3500Lv2 before 1.2.0.56.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7300rbw30_firmwarer7300_firmwarer8000r6400_firmwareex3800_firmwareex6200ex7000r6900pr7100lgr7900r8000pex3700r6900p_firmwarerbw30r8500_firmwarer7100lg_firmwarer8300r7000_firmwarer6300-2cxnas_firmwarer6300-2cxnasr8000p_firmwarewn2500rpwn2500rp_firmwarer6300_firmwareex6130d8500_firmwarer6250_firmwarer7900pex6000_firmwareex6100r7000p_firmwarer8500ex6130_firmwared8500r6700r8300_firmwarer7000wnr3500l_firmwareex6200_firmwareex6150r6900r7000pwnr3500lr6900_firmwareex3800r7900_firmwareex6100_firmwareex3700_firmwareex6000ex7000_firmwareex6120r6300r6400r6700_firmwarer7900p_firmwareex6120_firmwareex6150_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21222
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.62%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 16:24
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwared6000_firmwarewndr3700wndr3700_firmwarewnr2000_firmwared7800r6100_firmwarewndr4500_firmwared6000r9000r7500wndr4300_firmwarer7500_firmwared3600_firmwarewndr4500d3600r6100wndr4300wnr2000n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-34991
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.43%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:40
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax48_firmwarerax15r6400_firmwarer7100lgex3700rax50r6900p_firmwared6220r8300r7100lg_firmwarerax45r8500_firmwarer7960prs400d7000v2r7000_firmwarerax40v2_firmwarer6700v3rax20r6700v3_firmwarerax50s_firmwared6220_firmwareex6130r7900prax20_firmwareraxe500rax50swndr3400v3raxe450rax35v2rax38v2_firmwarerax40v2rax43_firmwarerax42r6400v2r7000rax43rax80_firmwared6400dgn2200v4ex3800ex3700_firmwareraxe450_firmwareex6120rax48r7900p_firmwarer8000_firmwarerax80rs400_firmwarer8000rax75r6900pex3800_firmwarer8000pdgn2200v4_firmwarer8000p_firmwarewndr3400v3_firmwared6400_firmwarer7850rax200r7000p_firmwarerax200_firmwarer8500dc112aex6130_firmwarerax38v2r7850_firmwarecax80_firmwarer8300_firmwarerax42_firmwared7000v2_firmwarewnr3500lv2xr300r7000pcax80r6400v2_firmwarexr300_firmwarerax35v2_firmwareraxe500_firmwarer7960p_firmwarewnr3500lv2_firmwarerax15_firmwaredc112a_firmwarerax75_firmwarerax50_firmwarer6400rax45_firmwareex6120_firmwareR6400v2
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21215
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.37%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:41
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, EX2700 before 1.0.1.28, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn2000rpt_firmwarewn3000rp_firmwarewn3000rpr9000_firmwared6000_firmwared6000ex2700wn2000rptwn3100rp_firmwarer9000r7500r7500_firmwared3600_firmwarewn3100rpex2700_firmwared6100_firmwared6100d3600n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21140
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 32.19%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 20:54
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600d3600_firmwared6000_firmwared6000n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-21138
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.38%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 20:06
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600d3600_firmwared6000_firmwared6000n/a
CVE-2018-21118
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.93%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:09
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr500_firmwarexr500n/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-21202
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.25%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:10
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwarewndr3700wndr3700_firmwarewndr4500_firmwared7800r6100_firmwarer9000r7500wndr4300_firmwarer7500_firmwarer7800wndr4500r6100wndr4300r7800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34978
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.73%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 21:44
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13511.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6260r6260_firmwareR6260
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21115
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.30% / 52.61%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:45
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr500_firmwarexr500n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-34982
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-4.18% / 88.24%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-14 Aug, 2025 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-ex6120r7000p_firmwarerax35v2v6510-1fxaus_firmwarerax45_firmwarerax15_firmwarev6510-1fxausex3700r7000pex7000_firmwarer8000_firmwareex6120_firmwarems80rax38v2_firmwared7000v2rax48_firmwarer6400_firmwarerax80r6400v2rax50srax35v2_firmwarer6700v3ex6130_firmwarer7000_firmwarers400r7850_firmwarer8300_firmwaredgn2200v4rax15d6220_firmwarerax200_firmwarer7850ex3800_firmwaremr80_firmwarers400_firmwarerax20_firmwarer8000p_firmwarerax40v2_firmwarer6900p_firmwarer7100lg_firmwared6400_firmwarerax43r7900plax20_firmwarewndr3400v3_firmwarexr300_firmwarer6900pex3700_firmwarerax20rax42_firmwareraxe450mr60raxe500_firmwaremr60_firmwarerax50dgn2200v4_firmwarexr300dc112alax20r7100lgms80_firmwarer6400v2_firmwarerax43_firmwarerax45rax75rax75_firmwarerax48rax50s_firmwarerax40v2ex7500_firmwared7000v2_firmwarerax200wnr3500lv2_firmwarer6700v3_firmwarems60ms60_firmwarer7900p_firmwarer6400rax80_firmwarexr1000r7000r8000wnr3500lv2rax50_firmwareex7500ex7000ex6130r7960p_firmwarer7960pmr80ex3800wndr3400v3raxe450_firmwarer8000pr8500rax38v2raxe500r8300d6400rax42r8500_firmwarexr1000_firmwared6220dc112a_firmwareMultiple Routersmultiple_router_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34979
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.49% / 64.35%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 21:44
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13512.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6260_firmwarer6260R6260
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21116
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.30% / 52.61%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:47
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr500_firmwarexr500n/a
CVE-2021-34980
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.22% / 45.03%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 21:44
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. When parsing the SOAP_LOGIN_TOKEN environment variable, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14107.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6260_firmwarer6260R6260
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21137
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.37%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 20:05
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600d3600_firmwared6000_firmwared6000n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-21204
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.62%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:11
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwarewndr3700wndr3700_firmwarewndr4500_firmwared7800r6100_firmwarer9000r7500wndr4300_firmwarer7500_firmwarer7800wndr4500r6100wndr4300r7800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21207
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.23%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:15
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn2000rpt_firmwarewn3000rp_firmwared7800_firmwarewn3000rpr900d6000_firmwarewndr3700wndr3700_firmwarer900_firmwared7800r6100_firmwarewndr4500_firmwareex2700d6000wn3100rp_firmwarewn2000rptwndr4300_firmwarer7500d3600_firmwarer7500_firmwarer7800wn3100rpex2700_firmwarewndr4500d3600r6100wndr4300r7800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21169
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.09%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 17:32
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7000 before 2018-03-01, D7800 before 1.0.1.31, D8500 before 1.0.3.36, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.46, PR2000 before 2018-03-01, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, R7800 before 1.0.2.36, R7900P before 1.1.4.6, R8000P before 1.1.4.6, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.94, WNDR3700v5 before 1.1.0.50, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.52, WNDR4500v3 before 1.0.0.52, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewnr2020_firmwarewndr3700wnr2020r6220_firmwarepr2000r6400_firmwarejwnr2010d7800r8000pwndr4300_firmwarer7500_firmwarer6800r7300dst_firmwarer8300r8500_firmwarer6050pr2000_firmwarewnr1000_firmwarer6220r8000p_firmwarewndr4500r7300dstd8500_firmwarer7900pd7800_firmwared7000r8500r9000_firmwared8500d7000_firmwarer6700r8300_firmwarewndr3700_firmwarewnr1000wndr4500_firmwarer6900r7500r9000r6900_firmwarer6050_firmwarer7800wnr2050jr6150_firmwarejr6150wnr2050_firmwarewndr4300jnr1010r7800_firmwarer6400r6700_firmwarer7900p_firmwarer6800_firmwarejwnr2010_firmwaren/a
CVE-2023-51635
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.87% / 82.35%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:04
Updated-03 Jan, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34865
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.38%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 15:30
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700v2_firmwarer6850_firmwarer7450_firmwarer6220_firmwareac2600ac2400r6900v2r7200_firmwarer6800r6900v2_firmwarer6260_firmwarer6260r6220r6330_firmwareac2400_firmwarer7350_firmwarer7400_firmwarer7200r6350_firmwarer6230r6330d7000v1r6230_firmwareac2100_firmwarer7400ac2100r6700v2r6850r6350r7350r7450d7000v1_firmwarer6800_firmwareac2600_firmwareMultiple Routers
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-697
Incorrect Comparison
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found