Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-18769

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Apr, 2020 | 14:54
Updated At-05 Aug, 2024 | 21:37
Rejected At-
Credits

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX6200v2 before 1.0.1.50, EX7000 before 1.0.0.56, JR6150 before 1.0.1.18, R6050 before 1.0.1.10J, R6100 before 1.0.1.16, R6150 before 1.0.1.10, R6220 before 1.1.0.50, R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.26, R6700v2 before 1.2.0.4, R6800 before 1.0.1.10, R6900 before 1.0.1.26, R6900P before 1.0.0.58, R6900v2 before 1.2.0.4, R7000 before 1.0.9.6, R7000P before 1.0.0.58, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.40, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR3500Lv2 before 1.2.0.44.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Apr, 2020 | 14:54
Updated At:05 Aug, 2024 | 21:37
Rejected At:
▼CVE Numbering Authority (CNA)

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX6200v2 before 1.0.1.50, EX7000 before 1.0.0.56, JR6150 before 1.0.1.18, R6050 before 1.0.1.10J, R6100 before 1.0.1.16, R6150 before 1.0.1.10, R6220 before 1.1.0.50, R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.26, R6700v2 before 1.2.0.4, R6800 before 1.0.1.10, R6900 before 1.0.1.26, R6900P before 1.0.0.58, R6900v2 before 1.2.0.4, R7000 before 1.0.9.6, R7000P before 1.0.0.58, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.40, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR3500Lv2 before 1.2.0.44.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.04.6MEDIUM
CVSS:3.0/AC:L/AV:P/A:N/C:H/I:N/PR:N/S:U/UI:N
Version: 3.0
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.0/AC:L/AV:P/A:N/C:H/I:N/PR:N/S:U/UI:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000051474/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0122
x_refsource_CONFIRM
Hyperlink: https://kb.netgear.com/000051474/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0122
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000051474/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0122
x_refsource_CONFIRM
x_transferred
Hyperlink: https://kb.netgear.com/000051474/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0122
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Apr, 2020 | 15:15
Updated At:23 Apr, 2020 | 20:19

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX6200v2 before 1.0.1.50, EX7000 before 1.0.0.56, JR6150 before 1.0.1.18, R6050 before 1.0.1.10J, R6100 before 1.0.1.16, R6150 before 1.0.1.10, R6220 before 1.1.0.50, R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.26, R6700v2 before 1.2.0.4, R6800 before 1.0.1.10, R6900 before 1.0.1.26, R6900P before 1.0.0.58, R6900v2 before 1.2.0.4, R7000 before 1.0.9.6, R7000P before 1.0.0.58, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.40, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR3500Lv2 before 1.2.0.44.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.6MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.04.6MEDIUM
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
NETGEAR, Inc.
netgear
>>d6220_firmware>>Versions before 1.0.0.40(exclusive)
cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>d6220>>-
cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>d6400_firmware>>Versions before 1.0.0.74(exclusive)
cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>d6400>>-
cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>d7000_firmware>>Versions before 1.0.1.60(exclusive)
cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>d7000>>-
cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>d7800_firmware>>Versions before 1.0.1.34(exclusive)
cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>d7800>>-
cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>d8500_firmware>>Versions before 1.0.3.39(exclusive)
cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>d8500>>-
cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>dgn2200_firmware>>Versions before 1.0.0.94(exclusive)
cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>dgn2200>>v4
cpe:2.3:h:netgear:dgn2200:v4:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>dgn2200b_firmware>>Versions before 1.0.0.94(exclusive)
cpe:2.3:o:netgear:dgn2200b_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>dgn2200b>>v4
cpe:2.3:h:netgear:dgn2200b:v4:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ex6200_firmware>>Versions before 1.0.1.50(exclusive)
cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ex6200>>v2
cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ex7000_firmware>>Versions before 1.0.0.56(exclusive)
cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ex7000>>-
cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jr6150_firmware>>Versions before 1.0.1.18(exclusive)
cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jr6150>>-
cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6050_firmware>>Versions before 1.0.1.10j(exclusive)
cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6050>>-
cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6100_firmware>>Versions before 1.0.1.16(exclusive)
cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6100>>-
cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6150_firmware>>Versions before 1.0.1.10(exclusive)
cpe:2.3:o:netgear:r6150_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6150>>-
cpe:2.3:h:netgear:r6150:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6220_firmware>>Versions before 1.1.0.50(exclusive)
cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6220>>-
cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6250_firmware>>Versions before 1.0.4.12(exclusive)
cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6250>>-
cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6300_firmware>>Versions before 1.0.4.12(exclusive)
cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6300>>v2
cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6400_firmware>>Versions before 1.0.1.24(exclusive)
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6400>>-
cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6400_firmware>>Versions before 1.0.2.32(exclusive)
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6400>>v2
cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6700_firmware>>Versions before 1.0.1.26(exclusive)
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6700>>-
cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6700_firmware>>Versions before 1.2.0.4(exclusive)
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6700>>v2
cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6800_firmware>>Versions before 1.0.1.10(exclusive)
cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6800>>-
cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6900_firmware>>Versions before 1.0.1.26(exclusive)
cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6900>>-
cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6900p_firmware>>Versions before 1.0.0.58(exclusive)
cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6900p>>-
cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6900_firmware>>Versions before 1.2.0.4(exclusive)
cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6900>>v2
cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7000_firmware>>Versions before 1.0.9.6(exclusive)
cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7000>>-
cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.netgear.com/000051474/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0122cve@mitre.org
Vendor Advisory
Hyperlink: https://kb.netgear.com/000051474/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0122
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

953Records found
CVE-2018-21136
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.06% / 17.54%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 20:04
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600d3600_firmwared6000_firmwared6000n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18847
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 18.79%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 15:32
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8300r8500_firmwarer8500d8500_firmwarer7900_firmwarer6900pr7000p_firmwared8500r8300_firmwarer6400r6400_firmwarer7900r7000pr6900p_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18789
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 14.22%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:40
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6250 before V1.0.4.8, R6400 before V1.0.1.22, R6400v2 before V1.0.2.32, R7100LG before V1.0.0.32, R7300 before V1.0.0.52, R8300 before V1.0.2.94, R8500 before V1.0.2.100, D6220 before V1.0.0.28, D6400 before V1.0.0.60, and D8500 before V1.0.3.29.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500r7300d8500r7300_firmwarer8300_firmwarer6400_firmwarer7100lgd6400d6220r8300r7100lg_firmwarer8500_firmwared6400_firmwared6220_firmwarer6400d8500_firmwarer6250_firmwarer6250n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45649
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.9||HIGH
EPSS-0.05% / 14.75%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:29
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R7000 before 1.0.11.126, R6900P before 1.3.2.126, and R7000P before 1.3.2.126.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6400v2_firmwarer7000_firmwarer7000p_firmwarer6700v3r6400v2r6700v3_firmwarer7000r6900pr7000pr6900p_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45603
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 2.92%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:38
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax70wn3000rpv2rax120v1r8900_firmwared7800r6700axrax120v2_firmwarewn3000rpv3rax78rax70_firmwarexr500_firmwarexr700_firmwarexr450_firmwarerax10_firmwarexr500rax10rax120v2d7800_firmwarewn3000rpv3_firmwarer8900r9000_firmwarewn3000rpv2_firmwarerax120v1_firmwarerax78_firmwarelbr1020_firmwareex2700r9000r7800ex2700_firmwarelbr20r7800_firmwarelbr20_firmwarelbr1020xr450xr700r6700ax_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18797
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 17.83%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 18:37
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400 before 1.0.1.24, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500_firmwarer8500r7900_firmwarer8000r6400r6400_firmwarer7900r8000_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18790
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 19.69%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 18:51
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500_firmwarer7100lg_firmwarer8500r7900_firmwarer7000_firmwarer7100lgr6700r8000r7000r6700_firmwarer7900r8000_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-34283
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-4.6||MEDIUM
EPSS-0.37% / 57.78%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:57
Updated-03 Jan, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability

NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability. This vulnerability allows physically present attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of symbolic links on removable USB media. By creating a symbolic link, an attacker can abuse the router's web server to access arbitrary local files. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-19498.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30_firmware
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2012-6340
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.24% / 47.41%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 17:54
Updated-06 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wgr614v9_firmwarewgr614v7_firmwarewgr614v9wgr614v7n/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-35803
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 18.02%
||
7 Day CHG~0.00%
Published-29 Dec, 2020 | 23:37
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.46, R6080 before 1.0.0.46, R6120 before 1.0.0.72, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.74, R6800 before 1.2.0.74, R6900v2 before 1.2.0.74, R7450 before 1.2.0.74, AC2100 before 1.2.0.74, AC2400 before 1.2.0.74, and AC2600 before 1.2.0.74.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6700v2_firmwared7000r6120r6080r7450_firmwared7000_firmwarer6230r6220_firmwareac2600r6080_firmwareac2400r6900v2r6230_firmwareac2100_firmwarer6120_firmwared6200_firmwarer6800r6900v2_firmwarer6700v2ac2100r7450r6260_firmwarer6260r6220r6020d6200ac2400_firmwarer6020_firmwarer6800_firmwareac2600_firmwaren/a
CVE-2017-18845
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.99%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 15:42
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38 and R6800 before 1.1.0.38.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6700_firmwarer6800r6800_firmwarer6700n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-18824
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.02% / 4.75%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 16:43
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-m4300-52g_firmwarem4300-52gm4300-12x12f_firmwarem4300-28gm4300-28g-poe\+m4300-48x_firmwarem4300-48xm4200m4300-52g-poe\+_firmwarem4300-8x8fm4300-24x_firmwarem4300-28g-poe\+_firmwarem4300-28g_firmwarem4300-52g-poe\+m4300-12x12fm4300-8x8f_firmwarem4200_firmwarem4300-24x24f_firmwarem4300-24x24fm4300-24xn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-18819
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.05% / 16.70%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 14:07
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-readynas_osn/a
CVE-2019-20652
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.9||HIGH
EPSS-0.13% / 33.10%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 18:38
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac505n/a
CVE-2002-1892
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.14% / 35.34%
||
7 Day CHG~0.00%
Published-28 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-fvs318n/a
CVE-2020-35804
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-0.06% / 18.07%
||
7 Day CHG~0.00%
Published-29 Dec, 2020 | 23:37
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D7800 before 1.0.1.58, R7800 before 1.0.2.74, R8900 before 1.0.5.18, R9000 before 1.0.5.18, and XR700 before 1.0.1.34.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7800d7800_firmwarer8900r9000_firmwarer8900_firmwarer7800_firmwared7800xr700_firmwarer9000xr700n/a
CVE-2021-20171
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.81%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 21:31
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax43_firmwarerax43Netgear RAX43
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2017-18843
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.99%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 15:44
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6800d7000d7000_firmwarer6700r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-18844
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.11% / 30.37%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 15:43
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6800d7000d7000_firmwarer6700r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-18777
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.99%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:42
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by administrative password disclosure. This affects D6220 before V1.0.0.28, D6400 before V1.0.0.60, D8500 before V1.0.3.29, DGN2200v4 before 1.0.0.82, DGN2200Bv4 before 1.0.0.82, R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r6400_firmwarer7100lgr7900wndr3400d6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwaredgn2200r7000_firmwared6400_firmwarer7300dstd6220_firmwarer6300_firmwared8500_firmwaredgn2200b_firmwarer8500d8500wndr3400_firmwaredgn2200br6700r8300_firmwarer7000wnr3500l_firmwarer6900d6400wnr3500ldgn2200_firmwarer6900_firmwarer7900_firmwarer6300r6400r6700_firmwarer8000_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2016-5638
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-1.27% / 78.64%
||
7 Day CHG~0.00%
Published-24 Jul, 2018 | 15:00
Updated-06 Aug, 2024 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877 reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text

There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-wndr4500_firmwarewndr4500WNDR4500
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1556
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-0.95% / 75.47%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnd930wndap360_firmwarewndap350_firmwarewnap320wndap350wn604_firmwarewndap210v2wn604wnd930_firmwarewndap210v2_firmwarewnap320_firmwarewndap360n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1557
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-1.18% / 77.90%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wndap360_firmwarewnap320wndap350_firmwarewndap350wnap320_firmwarewndap360n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-11059
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.65%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 16:20
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgnd3700r2000_firmwaredgnd3700b_firmwarewndr3700r6220_firmwarec6300wndr4300_firmwared1500r7500_firmwared6200b_firmwared6300_firmwarer6050r7000_firmwarer6220wndr4500d6200bd3600r6300_firmwaredgn2200b_firmwared6300wnr2500_firmwaredgn2200bjwnr2000_firmwarer6700wndr3700_firmwarer7000wnr2000_firmwarewnr3500l_firmwared6000r7500wnr2200_firmwarer7900_firmwareac1450dgn1000_firmwarejr6150_firmwared6200c6300_firmwarer6700_firmwarewnr2000r8000_firmwarer6250jnr1010_firmwared500dgnd3700_firmwared6000_firmwareac1450_firmwarer8000r6100_firmwarer7900wndr3400d500_firmwared3600_firmwarewnr2500wnr1000_firmwared6300b_firmwaredgn2200dgn1000wgr614jnr3300_firmwared6100_firmwarejr6100_firmwarer6100dgnd3700bwgr614_firmwarer6250_firmwared6300br6200_firmwarewndr3400_firmwarejnr3300wnr1000wndr4500_firmwarejwnr2000r6200wnr3500lr2000d6200_firmwaredgn2200_firmwarer6050_firmwared1500_firmwared6100jr6150r6300jnr1010wndr4300jr6100wnr2200n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-10175
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-81.61% / 99.14%
||
7 Day CHG~0.00%
Published-30 Jan, 2017 | 04:24
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2000v5_firmwarewnr2000v5n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-1430
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 13.60%
||
7 Day CHG~0.00%
Published-11 Feb, 2024 | 00:31
Updated-25 Aug, 2024 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear R7000 Web Management Interface currentsetting.htm information disclosure

A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r7000_firmwarer7000R7000r7000_firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-1431
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 13.60%
||
7 Day CHG~0.00%
Published-11 Feb, 2024 | 02:31
Updated-01 Aug, 2024 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear R7000 Web Management Interface debuginfo.htm information disclosure

A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r7000_firmwarer7000R7000
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8289
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-0.75% / 72.11%
||
7 Day CHG~0.00%
Published-20 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwared6000d6000_firmwared3600n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-4977
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.11% / 30.07%
||
7 Day CHG~0.00%
Published-20 May, 2025 | 13:00
Updated-12 Jun, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear DGND3700 BRS_top.html information disclosure

A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-dgnd3700_firmwaredgnd3700DGND3700
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2025-4980
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.11% / 30.07%
||
7 Day CHG~0.00%
Published-20 May, 2025 | 14:00
Updated-12 Jun, 2025 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear DGND3700 mini_http currentsetting.htm information disclosure

A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-dgnd3700_firmwaredgnd3700DGND3700
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2018-21168
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 54.65%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 17:30
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D7000 before 1.0.1.52, D7800 before 1.0.1.31, D8500 before 1.0.3.36, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, R7800 before 1.0.2.36, R7900P before 1.1.4.6, R8000P before 1.1.4.6, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.94, WNDR3700v5 before 1.1.0.50, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.52, WNDR4500v3 before 1.0.0.52, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewnr2020_firmwarewndr3700wnr2020r6220_firmwarepr2000r6400_firmwarejwnr2010d7800r8000pwndr4300_firmwarer7500_firmwarer6800r7300dst_firmwarer8300r8500_firmwarer6050pr2000_firmwarewnr1000_firmwarer6220r8000p_firmwarewndr4500r7300dstd8500_firmwarer7900pd7800_firmwared7000r8500r9000_firmwared8500d7000_firmwarer6700r8300_firmwarewndr3700_firmwarewnr1000wndr4500_firmwarer6900r7500r9000r6900_firmwarer6050_firmwarer7800wnr2050jr6150_firmwarejr6150wnr2050_firmwarewndr4300jnr1010r7800_firmwarer6400r6700_firmwarer7900p_firmwarer6800_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-21143
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.02%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 20:59
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of sensitive information.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs810emx_firmwaregs810emxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-21139
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.26% / 49.06%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 20:12
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.58, D6200 before 1.1.00.30, D6220 before 1.0.0.46, D6400 before 1.0.0.82, D7000 before 1.0.1.68, D7000v2 before 1.0.0.51, D7800 before 1.0.1.42, D8500 before 1.0.3.42, DC112A before 1.0.0.40, DGN2200Bv4 before 1.0.0.102, DGN2200v4 before 1.0.0.102, JNR1010v2 before 1.1.0.54, JR6150 before 1.0.1.18, JWNR2010v5 before 1.1.0.54, PR2000 before 1.0.0.24, R6020 before 1.0.0.34, R6050 before 1.0.1.18, R6080 before 1.0.0.34, R6100 before 1.0.1.22, R6120 before 1.0.0.42, R6220 before 1.1.0.68, R6250 before 1.0.4.30, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.60, R6700 before 1.0.1.48, R6700v2 before 1.2.0.24, R6800 before 1.2.0.24, R6900 before 1.0.1.48, R6900P before 1.3.1.44, R6900v2 before 1.2.0.24, R7000 before 1.0.9.34, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7300 before 1.0.0.68, R7500 before 1.0.0.124, R7500v2 before 1.0.3.38, R7900 before 1.0.2.16, R7900P before 1.4.1.24, R8000 before 1.0.4.18, R8000P before 1.4.1.24, R8300 before 1.0.2.122, R8500 before 1.0.2.122, WN3000RP before 1.0.0.68, WN3000RPv2 before 1.0.0.68, WNDR3400v3 before 1.0.1.18, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, WNR1000v4 before 1.1.0.54, WNR2020 before 1.1.0.54, WNR2050 before 1.1.0.54, and WNR3500Lv2 before 1.2.0.54.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwarewndr3700r6120r6220_firmwarepr2000r6080_firmwarer6400_firmwarer7100lgwndr4300_firmwarer6900p_firmwared1500d6220r7100lg_firmwarer7500_firmwarer8300r6050r8500_firmwarer7000_firmwarer6220r6020wndr4500d6220_firmwarer6300_firmwared8500_firmwaredgn2200b_firmwarer7900pr6020_firmwarewn3000rp_firmwared7000d8500r6080dgn2200br6700wndr3700_firmwarer7000wnr3500l_firmwared6400r7500r6900_firmwarer7900_firmwarejr6150_firmwared6200r6700_firmwarer7900p_firmwarer6800_firmwarer8000_firmwarer6250jnr1010_firmwared500r7300wn3000rpwnr2020r7300_firmwarer8000r6900pd7800jwnr2010r6100_firmwarer7900r8000pr6120_firmwarewndr3400d500_firmwarer6800wnr1000_firmwaredgn2200pr2000_firmwarer8000p_firmwared6100_firmwared6400_firmwarer6100r6250_firmwarer7000p_firmwared7800_firmwaredc112ar8500wndr3400_firmwared7000_firmwarer8300_firmwarewnr1000wndr4500_firmwarer6900r7000pwnr3500ld6200_firmwaredgn2200_firmwarer6050_firmwarewnr2050d1500_firmwared6100jr6150wnr2050_firmwaredc112a_firmwarer6300jnr1010wndr4300r6400jwnr2010_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-21129
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 17:34
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3070
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.03% / 83.05%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 18:42
Updated-06 Aug, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wndr4700_firmwarewndr4700n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-6341
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 63.77%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 18:17
Updated-06 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wgr614v9_firmwarewgr614v7_firmwarewgr614v9wgr614v7n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-6646
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-93.13% / 99.78%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 17:31
Updated-01 Aug, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear WN604 Web Interface downloadFile.php information disclosure

A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-WN604wn604
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18704
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.02%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 14:05
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R6900P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8500 before 1.0.2.106, R8300 before 1.0.2.106, and WNDR3400v3 before 1.0.1.16.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r6400_firmwarer6900pr7100lgr7900r6900p_firmwarewndr3400d6220r8500_firmwarer7100lg_firmwarer7300dst_firmwarer8300r7000_firmwared6400_firmwarer7300dstd6220_firmwarer6300_firmwared8500_firmwarer6250_firmwarer7000p_firmwarer8500d8500wndr3400_firmwarer6700r8300_firmwarer7000r6900d6400r7000pr6900_firmwarer7900_firmwarer6300r6400r6700_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18712
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.02%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:35
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7500_firmwarer7800d7800_firmwarer9000_firmwarewndr4500r6100wndr4300r7800_firmwarewndr4500_firmwared7800r6100_firmwarer9000wndr4300_firmwarer7500n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45646
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 53.38%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:29
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of sensitive information.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000_firmwarer7000n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45647
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 49.70%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:29
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.68, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-eax80rax15r6120r6220_firmwareac2600ac2400rax50r6900p_firmwarer7960prax45r6260_firmwarer7000_firmwarer6220eax80_firmwarerax20ac2400_firmwarer7350_firmwarer7900pr7200rax20_firmwarer6230r6330r6230_firmwarer7000rax80_firmwareac2100_firmwarer7400r6700v2r6850r6350r7900_firmwareex7000_firmwarer7900p_firmwarer6800_firmwarer8000_firmwarer6700v2_firmwarerax80r6850_firmwarer7450_firmwarer8000rax75ex7000r6900v2r6900pr7900r8000pr6120_firmwarer7200_firmwarer6800r6900v2_firmwarer6260r8000p_firmwarer6330_firmwarerax200r7400_firmwarer7000p_firmwarerax200_firmwarer6350_firmwarer7000pac2100r7450r7960p_firmwarerax15_firmwarerax75_firmwarerax50_firmwarerax45_firmwarer7350ac2600_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45648
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.1||LOW
EPSS-0.31% / 53.38%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:29
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex6400_firmwareex6150v2_firmwareex7300_firmwarerbr350_firmwareex6150v2ex7320_firmwareex6410ex6420_firmwareex7300v2_firmwareex6250_firmwarerbk352ex6400v2_firmwareex7300ex6420ex7300v2ex6250lbr1020lbr20_firmwareex6410_firmwarelbr1020_firmwarerbs350_firmwareex6400v2ex6100v2rbr50_firmwarerbr50rbs350ex7700_firmwareex7700lbr20ex7320rbk352_firmwarerbk50rbr350ex6100v2_firmwarerbk50_firmwareex6400n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45652
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.39% / 59.06%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:28
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbk352_firmwarerbk352rbr350_firmwarerbr350rbs350_firmwarerbs350n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45650
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.27% / 49.95%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:29
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RS400 before 1.5.1.80, R6400v2 before 1.0.4.102, R7000P before 1.3.2.126, R6700v3 before 1.0.4.102, and R6900P before 1.3.2.126.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rs400_firmwarer6400v2r8000r7000r6900pr7900r7000pr6900p_firmwarer6400v2_firmwarer7900_firmwarer7000_firmwarers400r6700v3r6700v3_firmwarer8000_firmwarer7000p_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45653
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.9||LOW
EPSS-0.68% / 70.52%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:28
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbk352_firmwarerbk352rbr350_firmwarerbr350rbs350_firmwarerbs350n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18710
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.34%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:47
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R8300 before 1.0.2.106 and R8500 before 1.0.2.106.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8300_firmwarer8300r8500_firmwarer8500n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18713
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.35%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:34
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwarer6700wndr4500_firmwared7800r6900r9000r7500wndr4300_firmwarer7500_firmwarer6900_firmwarer7800wndr4500wndr4300r7800_firmwarer6700_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-5017
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-5.8||MEDIUM
EPSS-0.38% / 58.56%
||
7 Day CHG~0.00%
Published-17 Jun, 2019 | 20:34
Updated-04 Aug, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation.

Action-Not Available
Vendor-kcodesNETGEAR, Inc.Talos (Cisco Systems, Inc.)
Product-r8000r8000_firmwarenetusb.koKCodes
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-5016
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.92% / 74.99%
||
7 Day CHG~0.00%
Published-17 Jun, 2019 | 20:29
Updated-04 Aug, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.

Action-Not Available
Vendor-kcodesNETGEAR, Inc.Talos (Cisco Systems, Inc.)
Product-netusb.kor7900_firmwarer8000r7900r8000_firmwareKCodes
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45654
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.39% / 59.06%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:28
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr1000_firmwarexr1000n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 19
  • 20
  • Next
Details not found