Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-11790

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Apr, 2020 | 17:07
Updated At-04 Aug, 2024 | 11:41
Rejected At-
Credits

NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Apr, 2020 | 17:07
Updated At:04 Aug, 2024 | 11:41
Rejected At:
▼CVE Numbering Authority (CNA)

NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.09.4CRITICAL
CVSS:3.0/AC:L/AV:N/A:L/C:H/I:H/PR:N/S:U/UI:N
Version: 3.0
Base score: 9.4
Base severity: CRITICAL
Vector:
CVSS:3.0/AC:L/AV:N/A:L/C:H/I:H/PR:N/S:U/UI:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000061740/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-R7800-PSV-2019-0076
x_refsource_CONFIRM
Hyperlink: https://kb.netgear.com/000061740/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-R7800-PSV-2019-0076
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000061740/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-R7800-PSV-2019-0076
x_refsource_CONFIRM
x_transferred
Hyperlink: https://kb.netgear.com/000061740/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-R7800-PSV-2019-0076
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:15 Apr, 2020 | 18:15
Updated At:21 Jul, 2021 | 11:39

NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.09.4CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 9.4
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
NETGEAR, Inc.
netgear
>>r7800_firmware>>Versions before 1.0.2.68(exclusive)
cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7800>>-
cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.netgear.com/000061740/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-R7800-PSV-2019-0076cve@mitre.org
Vendor Advisory
Hyperlink: https://kb.netgear.com/000061740/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-R7800-PSV-2019-0076
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

175Records found
CVE-2023-38928
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.64% / 81.19%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 00:00
Updated-11 Oct, 2024 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7100lgr7100lg_firmwaren/ar7100lg
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-36187
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.54% / 88.74%
||
7 Day CHG~0.00%
Published-01 Sep, 2023 | 00:00
Updated-01 Oct, 2024 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarecbr40_firmwarerax80rbw30_firmwaremk62_firmwaremr60ms60rs400_firmwaremr60_firmwarer6400v2rax75lax20mk62r6400_firmwarer7000rax80_firmwarerbw30r7000pcbr40r6400v2_firmwarems60_firmwarers400r7000_firmwarer6700v3rax200r6700v3_firmwarerax75_firmwarer6400lax20_firmwarer7000p_firmwaren/ar6400v2
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-33532
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-30.26% / 96.53%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 00:00
Updated-08 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6250_firmwarer6250n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-20730
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.40% / 59.54%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 19:09
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by SQL injection. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6200 before 1.1.00.28, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DC112A before 1.0.0.40, EX8000 before 1.0.0.118, JR6150 before 1.0.1.18, R6050 before 1.0.1.18, R6220 before 1.1.0.66, R6250 before 1.0.4.26, R6300v2 before 1.0.4.24, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6700v2 before 1.2.0.16, R6800 before 1.2.0.16, R6900v2 before 1.2.0.16, R6900 before 1.0.1.44, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7500 before 1.0.0.118, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, R8900 before 1.0.3.6, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wndr3700r8900_firmwarer6220_firmwarer6400_firmwarer7100lgwndr4300_firmwarer6900p_firmwared6220r7500_firmwarer7100lg_firmwarer7300dst_firmwarer8300r6050r8500_firmwarer7000_firmwarer6220wndr4500d3600r7300dstd6220_firmwarer6300_firmwared8500_firmwarer7900pd7000r8900r9000_firmwared8500r6700wndr3700_firmwarer7000d6000d6400r7500r9000r6900_firmwarer7800r7900_firmwared6200jr6150_firmwarer7800_firmwarer6700_firmwarer7900p_firmwarer6800_firmwarer8000_firmwarer6250d6000_firmwarer8000d7800r6900pr7900r8000pex8000d3600_firmwarer6800r8000p_firmwared6400_firmwarer6250_firmwarer7000p_firmwared7800_firmwaredc112aex8000_firmwarer8500d7000_firmwarer8300_firmwarewndr4500_firmwarer6900r7000pd6200_firmwarer6050_firmwarejr6150dc112a_firmwarer6300wndr4300r6400n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-20696
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.4||CRITICAL
EPSS-0.40% / 59.85%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:32
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before V5.6.8.3 and WAC510 before V5.6.8.3.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CVE-2019-20699
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 71.82%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:35
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, and GSS108EPP before 1.0.0.15.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs408epp_firmwaregs105e_firmwaregs105pegs908egs408eppgss108e_firmwaregss108eppgss108egs105egs908e_firmwaregs808egss108epp_firmwaregs808e_firmwaregs105pe_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20679
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.40% / 59.87%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 19:51
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of access control at the function level.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-mr1100mr1100_firmwaren/a
CVE-2019-20695
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.4||CRITICAL
EPSS-0.57% / 67.70%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:31
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects SRK60 before 2.3.5.106, SRR60 before 2.3.5.106, and SRS60 before 2.3.5.106.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-srk60_firmwaresrr60srs60_firmwaresrk60srs60srr60_firmwaren/a
CVE-2012-2439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.33%
||
7 Day CHG~0.00%
Published-28 Apr, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-prosafe_fvs318nn/a
CVE-2023-27853
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.52% / 84.82%
||
7 Day CHG~0.00%
Published-10 Mar, 2023 | 00:00
Updated-27 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax30_firmwarerax30NETGEAR Nighthawk WiFi6 Router
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-17373
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.93% / 75.22%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 12:07
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgnd3700mbr1515_firmwarewnr2000v2_firmwaredgnd3700_firmwarewndr3400_firmwaredgn2200mmbr1516_firmwarewndr3300mbr1516mbr1515dgn2200m_firmwarewndr3400dgn2200_firmwarewnr3500_firmwaredgn2200wndr3300_firmwarewnr3500wnr834bv2_firmwarewnr2000v2wnr834bv2n/a
CVE-2019-17137
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-9.4||CRITICAL
EPSS-0.43% / 61.93%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 19:15
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-ac1200_r6220_firmwareac1200_r6220AC1200
CWE ID-CWE-626
Null Byte Interaction Error (Poison Null Byte)
CVE-2022-37232
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.52% / 65.98%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 00:10
Updated-27 May, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2000v4wnr2000v4_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13394
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.87%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 17:26
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cg3700bcg3700b_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-54809
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 6.64%
||
7 Day CHG-0.03%
Published-31 Mar, 2025 | 00:00
Updated-17 Apr, 2025 | 12:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the parse_st_header function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take control of the program counter and hijack control flow of the program to execute arbitrary system commands.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr854t_firmwarewnr854tn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2018-21094
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.35% / 56.68%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 14:42
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnd930_firmwarewnap320_firmwarewndap360wnap320wnd930wndap660_firmwarewndap620_firmwarewndap360_firmwarewac505_firmwarewndap350_firmwarewac120wn604_firmwarewn604wac120_firmwarewac505wac510wac510_firmwarewnap210wndap620wndap660wndap350wnap210_firmwaren/a
CVE-2018-21137
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.38%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 20:05
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600d3600_firmwared6000_firmwared6000n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-21097
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.39% / 58.94%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 15:57
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnd930_firmwarewnap320_firmwarewndap360wnap320wnd930wndap660_firmwarewndap620_firmwarewndap360_firmwarewac505_firmwarewndap350_firmwarewn604_firmwarewac120wn604wac120_firmwarewac505wac510wac510_firmwarewnap210wndap620wndap660wndap350wnap210_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21132
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.62%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 19:41
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-54808
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.28%
||
7 Day CHG-0.09%
Published-31 Mar, 2025 | 00:00
Updated-17 Apr, 2025 | 12:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr854t_firmwarewnr854tn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-54803
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.78% / 72.79%
||
7 Day CHG-0.29%
Published-31 Mar, 2025 | 00:00
Updated-22 Apr, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoe_peer_mac and forcing a reboot. This will result in command injection.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr854t_firmwarewnr854tn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-57231
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 00:00
Updated-07 May, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax50_firmwarerax50n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-32122
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.26%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 23:58
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex3800ex6130_firmwareex3700_firmwareex6120ex3800_firmwareex6130ex6120_firmwareex3700n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-3316
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.63%
||
7 Day CHG~0.00%
Published-29 Jan, 2020 | 21:15
Updated-06 Aug, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg".

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr1000_firmwarewnr1000n/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-1327
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 30.32%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 00:00
Updated-27 Feb, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax30_firmwarerax30Netgear RAX30 (AX2400)
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found