Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-14429

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 Jun, 2020 | 16:25
Updated At-04 Aug, 2024 | 12:46
Rejected At-
Credits

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 Jun, 2020 | 16:25
Updated At:04 Aug, 2024 | 12:46
Rejected At:
â–¼CVE Numbering Authority (CNA)

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.09.6CRITICAL
CVSS:3.0/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N
Version: 3.0
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.0/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000061938/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0050
x_refsource_CONFIRM
Hyperlink: https://kb.netgear.com/000061938/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0050
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000061938/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0050
x_refsource_CONFIRM
x_transferred
Hyperlink: https://kb.netgear.com/000061938/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0050
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 Jun, 2020 | 17:15
Updated At:21 Jul, 2021 | 11:39

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.09.6CRITICAL
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Primary2.05.8MEDIUM
AV:A/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:A/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
NETGEAR, Inc.
netgear
>>mk62>>-
cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>mk62_firmware>>Versions before 1.0.4.92(exclusive)
cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>mk63>>-
cpe:2.3:h:netgear:mk63:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>mk63_firmware>>Versions before 1.0.4.92(exclusive)
cpe:2.3:o:netgear:mk63_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>mr60>>-
cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>mr60_firmware>>Versions before 1.0.4.92(exclusive)
cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ms60>>-
cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ms60_firmware>>Versions before 1.0.4.92(exclusive)
cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk752>>-
cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk752_firmware>>Versions before 3.2.15.25(exclusive)
cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk753>>-
cpe:2.3:h:netgear:rbk753:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk753_firmware>>Versions before 3.2.15.25(exclusive)
cpe:2.3:o:netgear:rbk753_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk753s_firmware>>Versions before 3.2.15.25(exclusive)
cpe:2.3:o:netgear:rbk753s_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk753s>>-
cpe:2.3:h:netgear:rbk753s:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbs750_firmware>>Versions before 3.2.15.25(exclusive)
cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbs750>>-
cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbr750_firmware>>Versions before 3.2.15.25(exclusive)
cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbr750>>-
cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk842_firmware>>Versions before 3.2.15.25(exclusive)
cpe:2.3:o:netgear:rbk842_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk842>>-
cpe:2.3:h:netgear:rbk842:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbr840_firmware>>Versions before 3.2.15.25(exclusive)
cpe:2.3:o:netgear:rbr840_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbr840>>-
cpe:2.3:h:netgear:rbr840:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbs840_firmware>>Versions before 3.2.15.25(exclusive)
cpe:2.3:o:netgear:rbs840_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbs840>>-
cpe:2.3:h:netgear:rbs840:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk852_firmware>>Versions before 3.2.15.25(exclusive)
cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk852>>-
cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk853_firmware>>Versions before 3.2.15.25(exclusive)
cpe:2.3:o:netgear:rbk853_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk853>>-
cpe:2.3:h:netgear:rbk853:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbr850_firmware>>Versions before 3.2.15.25(exclusive)
cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbr850>>-
cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbs850_firmware>>Versions before 3.2.15.25(exclusive)
cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbs850>>-
cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.netgear.com/000061938/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0050cve@mitre.org
Vendor Advisory
Hyperlink: https://kb.netgear.com/000061938/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0050
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

214Records found
CVE-2019-20684
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 70.45%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:16
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwared6000_firmwarer6120wnr2020r6220_firmwarepr2000r6080_firmwarer6120_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r6220r6020d3600xr500_firmwarer6020_firmwarexr500d7000r6080d7000_firmwarer6700d6000r6900d6200_firmwarer6900_firmwarer6050_firmwared6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18720
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.05%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:15
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-18728
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.58% / 68.44%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:01
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-12944
Matching Score-8
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-8
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 15.43%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:17
Updated-08 Dec, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validation in NETGEAR DGN2200v4

Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on the device. Please check the firmware version and update to the latest. Fixed in:  DGN2200v4 firmware 1.0.0.132 or later

Action-Not Available
Vendor-NETGEAR, Inc.
Product-dgn2200dgn2200_firmwareDGN2200v4
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18731
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 31.57%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 12:48
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, and WNR2000v5 before 1.0.0.58.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7500_firmwarewnr2500r7800wnr2500_firmwarer6100r7800_firmwarer6100_firmwarer7500n/a
CVE-2017-18740
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 21.95%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:00
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.61, D6000 before 1.0.0.61, D6100 before 1.0.0.55, D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwared6000_firmwarewndr3700wndr3700_firmwarewndr4500_firmwared7800r6100_firmwarewnr2000_firmwared6000r9000r7500wndr4300_firmwared3600_firmwarer7500_firmwarer7800d6100_firmwared6100wndr4500d3600r6100wndr4300r7800_firmwarewnr2000n/a
CVE-2017-18727
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.31%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:02
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18738
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.85% / 74.61%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:04
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r6400_firmwarer6900pr6100_firmwarer7100lgr7900wndr4300_firmwarer6900p_firmwarer8300r7100lg_firmwarer7300dst_firmwarer8500_firmwarer7000_firmwarewndr4500r6100r7300dstr7000p_firmwarer8500r6700r8300_firmwarer7000wndr4500_firmwarewnr2000_firmwarer6900ex6150r7000pr6900_firmwarer7900_firmwarewndr4300r6400r6700_firmwarewnr2000ex6150_firmwarer8000_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18734
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 73.52%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:20
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewnr2020_firmwarewndr3700wnr2020r6700r6220_firmwarewndr3700_firmwarepr2000wnr1000jwnr2010r6900r6800wnr1000_firmwarer6900_firmwarer6050_firmwarer6050pr2000_firmwarewnr2050r6220jr6150jr6150_firmwarewnr2050_firmwarejnr1010r6700_firmwarer6800_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2017-18732
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.96% / 76.13%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:23
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-plw1000_firmwareplw1010plw1010_firmwarer6300r6300_firmwareplw1000n/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-18756
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 32.47%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 16:10
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.66, D8500 before 1.0.3.35, DGN2200Bv4 before 1.0.0.94, DGN2200v4 before 1.0.0.94, R6250 before 1.0.4.14, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.30, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7900 before 1.0.2.4, R8000 before 1.0.4.2, WN2500RPv2 before 1.0.1.50, WNDR3400v3 before 1.0.1.14, and WNDR4000 before 1.0.2.10.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r6400_firmwarer6900pr7100lgr7900r6900p_firmwarewndr3400d6220r7100lg_firmwaredgn2200r7000_firmwared6400_firmwarewn2500rpwn2500rp_firmwared6220_firmwarer6300_firmwared8500_firmwaredgn2200b_firmwarer6250_firmwarer7000p_firmwarewndr4000wndr4000_firmwared8500wndr3400_firmwaredgn2200br6700r7000r6900d6400r7000pdgn2200_firmwarer6900_firmwarer7900_firmwarer6300r6400r6700_firmwarer8000_firmwarer6250n/a
CVE-2017-18723
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.31%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:13
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18717
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.31%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:29
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18864
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 70.46%
||
7 Day CHG~0.00%
Published-05 May, 2020 | 13:48
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R6900P before 1.0.0.56, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7900 before 1.0.1.18, R8300 before 1.0.2.104, and R8500 before 1.0.2.104.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500r7300r6700r7300_firmwarer8300_firmwarer6400_firmwarer6900pr7000r7100lgr7900r6900r7000pr6900p_firmwarer8300r7100lg_firmwarer8500_firmwarer6900_firmwarer7900_firmwarer7000_firmwarer6400r6700_firmwarer7000p_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-18748
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 32.47%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 15:30
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX6200v2 before 1.0.1.44, R6100 before 1.0.1.12, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, R7800 before 1.0.2.28, R9000 before 1.0.2.30, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7500_firmwarer7800r6100_firmwarer9000_firmwarewndr4500r9000r6100wndr4300r7800_firmwarewndr4500_firmwareex6200ex6200_firmwarer7500wndr4300_firmwaren/a
CVE-2017-18772
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.05%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:47
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500ex6130_firmwarer6700r8000r7000ex3800_firmwarewnr2000_firmwarer7900r6900ex3700r8500_firmwarer7300dst_firmwarer6900_firmwareex3800r7900_firmwarer7000_firmwareex3700_firmwarer6300r7300dstex6120r6300_firmwarer6700_firmwareex6130ex6120_firmwarewnr2000r8000_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-18724
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.31%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:12
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18722
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.31%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:14
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18721
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 70.46%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:15
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18711
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.24% / 47.35%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:42
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwarer6700r6400_firmwared7800r6900pwndr4500_firmwarer7000r6900r7000pr9000wndr4300_firmwarer6900p_firmwarer7500r7500_firmwarer6900_firmwarer7800r7000_firmwarewndr4500wndr4300r7800_firmwarer6400r6700_firmwarer7000p_firmwaren/a
CVE-2017-18739
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:02
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6220 before V1.1.0.50, R7800 before V1.0.2.36, WNDR3400v3 before 1.0.1.14, and WNDR3700v5 before V1.1.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7800wndr3700r6220wndr3400_firmwarer6220_firmwarewndr3700_firmwarer7800_firmwarewndr3400n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-18762
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 73.63%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:44
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6000_firmwarewndr3700wndr3700_firmwarer7000r6900pr6100_firmwarer7100lgwndr4500_firmwarewnr2000_firmwared6000r7000pwndr4300_firmwarer6900p_firmwared3600_firmwarer7100lg_firmwarer7000_firmwared6100_firmwared6100wndr4500d3600r6100wndr4300wnr2000r7000p_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2017-18743
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.05%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 15:38
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500wndr3400_firmwarer6700r8300_firmwarer8000r6400_firmwarer7000wnr3500l_firmwarer7100lgr7900r6900wndr3400wnr3500lr8300r7100lg_firmwarer7300dst_firmwarer8500_firmwarer6900_firmwarer7900_firmwarer7000_firmwarer6300r7300dstr6400r6300_firmwarer6700_firmwarer8000_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-18716
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.31%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:30
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18719
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:20
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.1.00.26, R6080 before 1.1.00.26; R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6080r6020r6700d6200r6080_firmwarer6700_firmwarer6020_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18764
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 73.63%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:42
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewn3000rpwnr2020_firmwarewndr3700r6120wnr2020r6220_firmwarepr2000jwnr2010d7800r6100_firmwarer6120_firmwarewndr4300_firmwarer7500_firmwarer6800wnr1000_firmwarer6050pr2000_firmwared6100_firmwarer6220wndr4500r6100wn3000rp_firmwared7800_firmwared7000r9000_firmwared7000_firmwarer6700wndr3700_firmwarewnr1000wndr4500_firmwarewnr2000_firmwarer6900r7500r9000r6900_firmwarer6050_firmwarer7800wnr2050d6100jr6150_firmwarejr6150wnr2000wnr2050_firmwarewndr4300jnr1010r7800_firmwarer6700_firmwarer6800_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2019-20683
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 70.45%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:15
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwared6000_firmwarer6120wnr2020r6220_firmwarepr2000r6080_firmwarer6120_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r6220r6020d3600xr500_firmwarer6020_firmwarexr500d7000r6080d7000_firmwarer6700d6000r6900d6200_firmwarer6900_firmwarer6050_firmwared6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20697
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.47%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:33
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects GS728TPPv2 before 6.0.0.48, GS728TPv2 before 6.0.0.48, GS750E before 1.0.1.4, GS752TPP before 6.0.0.48, and GS752TPv2 before 6.0.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs728tp_firmwaregs752tppgs752tpp_firmwaregs750egs728tpp_firmwaregs728tpgs750e_firmwaregs752tp_firmwaregs752tpgs728tppn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20753
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.78%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 21:06
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects DGN2200v1 before 1.0.0.58, D8500 before 1.0.3.42, D7000v2 before 1.0.0.51, D6400 before 1.0.0.78, D6220 before 1.0.0.44, JNDR3000 before 1.0.0.24, R8000 before 1.0.4.18, R8500 before 1.0.2.122, R8300 before 1.0.2.122, R7900 before 1.0.2.16, R7000P before 1.3.2.34, R7300DST before 1.0.0.68, R7100LG before 1.0.0.46, R6900P before 1.3.2.34, R7000 before 1.0.9.28, R6900 before 1.0.1.46, R6700 before 1.0.1.46, R6400v2 before 1.0.2.56, R6400 before 1.0.1.42, R6300v2 before 1.0.4.28, R6250 before 1.0.4.26, WNDR3400v3 before 1.0.1.22, WNDR4500v2 before 1.0.0.72, and WNR3500Lv2 before 1.2.0.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r6400_firmwarer6900pr7100lgr7900r6900p_firmwarewndr3400d6220r8500_firmwarer8300r7300dst_firmwarer7100lg_firmwaredgn2200r7000_firmwared6400_firmwarewndr4500r7300dstd6220_firmwarer6300_firmwared8500_firmwarer6250_firmwarer7000p_firmwarer8500d7000d8500wndr3400_firmwared7000_firmwarer6700r8300_firmwarer7000wndr4500_firmwarewnr3500l_firmwarer6900d6400jndr3000_firmwarejndr3000r7000pwnr3500ldgn2200_firmwarer6900_firmwarer7900_firmwarer6300r6400r6700_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20734
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.55% / 67.45%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 19:12
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.40, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6300v2 before 1.0.4.18, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6700v3 before 1.0.2.32, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R6900P before 1.0.0.56, R7000P before 1.0.0.56, R7100LG before 1.0.0.42, R7300DST before 1.0.0.54, R7900 before 1.0.1.26, R8300 before 1.0.2.106, R8500 before 1.0.2.106, WN2500RPv2 before 1.0.1.54, and WNR3500Lv2 before 1.2.0.46. NOTE: this may be a result of an incomplete fix for CVE-2017-18864.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6400_firmwareex3800_firmwareex6200ex7000r6900pr7100lgr7900ex3700r6900p_firmwared6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwarer7000_firmwarewn2500rpwn2500rp_firmwarer7300dstd6220_firmwarer6300_firmwareex6130d8500_firmwareex6000_firmwareex6100r7000p_firmwarer8500ex6130_firmwared8500r6700r8300_firmwarer7000wnr3500l_firmwareex6200_firmwareex6150r6900r7000pwnr3500lr6900_firmwareex3800r7900_firmwareex6100_firmwareex3700_firmwareex6000ex7000_firmwareex6120r6300r6400r6700_firmwareex6120_firmwareex6150_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20682
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 70.45%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:13
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwared6000_firmwarer6120wnr2020r6220_firmwarepr2000r6080_firmwarer6120_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r6220r6020d3600xr500_firmwarer6020_firmwarexr500d7000r6080d7000_firmwarer6700d6000r6900d6200_firmwarer6900_firmwarer6050_firmwared6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20656
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.36% / 58.05%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 18:43
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7000wnr2020_firmwarer6120r6080d7000_firmwarewnr2020r6230r6700r6220_firmwarepr2000r6080_firmwarer6230_firmwarer6900r6120_firmwared6200_firmwarer6800r6900_firmwarer6050_firmwarer6050pr2000_firmwarer6260_firmwarer6260r6220r6020d6200jr6150jr6150_firmwarer6700_firmwarer6020_firmwarer6800_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-20641
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.77%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 17:14
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax40_firmwarerax40n/a
CVE-2019-20685
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 70.45%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:17
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6200 before 1.1.00.32, D7000 before 1.0.1.68, DM200 before 1.0.0.58, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwared6000_firmwarer6120wnr2020r6220_firmwarepr2000r6080_firmwaredm200_firmwarer6120_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r6220r6020d3600xr500_firmwarer6020_firmwarexr500d7000dm200r6080d7000_firmwarer6700d6000r6900d6200_firmwarer6900_firmwarer6050_firmwared6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20690
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.56%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:25
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.30, D7000 before 1.0.1.66, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.68, WNR2020 before 1.1.0.54, and WNR614 before 1.1.0.54.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7000wnr2020_firmwarewnr614wnr614_firmwarer6080r6120d7000_firmwarewnr2020r6220_firmwarer6080_firmwarer6120_firmwared6200_firmwarer6220r6020d6200r6020_firmwaren/a
CVE-2019-20686
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 70.45%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:21
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.40, R6080 before 1.0.0.40, R6050 before 1.0.1.18, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, and WNR2020 before 1.1.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7000wnr2020_firmwarer6120r6080d7000_firmwarewnr2020r6700r6220_firmwarepr2000r6080_firmwarer6900r6120_firmwared6200_firmwarer6800r6900_firmwarer6050_firmwarer6050pr2000_firmwarer6260_firmwarer6260r6220r6020jr6150_firmwared6200jr6150r6700_firmwarer6020_firmwarer6800_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20739
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 56.01%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 19:18
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R8500 devices before v1.0.2.128 are affected by a buffer overflow by an unauthenticated attacker.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500_firmwarer8500n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-40479
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.13% / 83.88%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-03 Jan, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability

NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19704.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-27642
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 11.67%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax48_firmwarerax40rax15lax20r6400_firmwarer7100lgrax35rax50r6900p_firmwarer8500_firmwarerax35_firmwarer7960prax45r7100lg_firmwarers400r7000_firmwarems80rax20rax50s_firmwarer7900prax20_firmwarerax40_firmwarerax50smr60rax43_firmwarer6700rax42r7000rax43rax80_firmwaremr80_firmwarerax38_firmwarerax48r6700_firmwarer7900p_firmwarelax20_firmwarems60r8000_firmwaremr80rax80rs400_firmwarer8000rax75r6900pr8000pms60_firmwarer8000p_firmwarer7850rax200r7000p_firmwarerax200_firmwarer8500r7850_firmwarecax80_firmwaremr60_firmwarerax42_firmwarer7000pcax80ms80_firmwarer7960p_firmwarerax15_firmwarerax75_firmwarerax50_firmwarer6400rax38rax45_firmwareR6700v3
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-27641
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.13%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-d7800_firmwareex8000_firmwarer6230r6700r6220_firmwarer6230_firmwared7800ex6200r6400_firmwareex6200_firmwarer7000ex8000r7800r7000_firmwarer6220r7800_firmwarer6400r6700_firmwareR6700v3
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-27644
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-5||MEDIUM
EPSS-0.12% / 30.57%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-cbr40_firmwarerax80rs400_firmwarer8000rax75rbr40_firmwarerbs20_firmwarer6400_firmwarer6900pr8000pr6900p_firmwarerbr20r7960prs400r7000_firmwarer8000p_firmwarer7850rax200r7000p_firmwarerax200_firmwarerbs40rbs40_firmwarer7850_firmwarerbr10_firmwarerbr10r6700rbs10_firmwarelbr20_firmwarer7000rax80_firmwarelbr1020_firmwarerbs20rbr40rbs50_firmwarer7000prbs50rbr50_firmwarecbr40rbr50r7960p_firmwarelbr20rbr20_firmwarerbs10rax75_firmwarer6400r6700_firmwarelbr1020r8000_firmwareR6700v3
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-27646
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8||HIGH
EPSS-1.33% / 79.71%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-cbr40_firmwarerax80rs400_firmwarer8000rax75rbr40_firmwarerbs20_firmwarer6400_firmwarer6900pr8000pr6900p_firmwarerbr20r7960prs400r7000_firmwarer8000p_firmwarer7850rax200r7000p_firmwarerax200_firmwarerbs40rbs40_firmwarer7850_firmwarerbr10_firmwarerbr10r6700rbs10_firmwarelbr20_firmwarer7000rax80_firmwarelbr1020_firmwarerbs20rbr40rbs50_firmwarer7000prbs50rbr50_firmwarecbr40rbr50r7960p_firmwarelbr20rbr20_firmwarerbs10rax75_firmwarer6400r6700_firmwarelbr1020r8000_firmwareR6700v3
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-27645
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.33%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax48_firmwarerax40rax15r8000rax75lax20r6400_firmwarer8000prax35rax50r8500_firmwarerax35_firmwarer7960prax45r7000_firmwarer8000p_firmwarer7850rax20rax200rax38rax50s_firmwarer7900prax20_firmwarerax40_firmwarerax200_firmwarer8500rax48rax50sr7850_firmwarerax43_firmwarer6700rax42rax42_firmwarer7000rax43r7960p_firmwarerax15_firmwarerax75_firmwarerax50_firmwarer6400rax38_firmwarerax45_firmwarer6700_firmwarer7900p_firmwarelax20_firmwarer8000_firmwareR6700v3
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-697
Incorrect Comparison
CVE-2022-27643
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-4.29% / 88.62%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax80rs400_firmwarer8000rax75r6400_firmwarer6900pex3800_firmwarer7100lgr8000pex3700r6900p_firmwarewndr3400d6220r8500_firmwarer7100lg_firmwarer7960pd7000v2rs400r7000_firmwarer8000p_firmwared6400_firmwarer7850rax200d6220_firmwarer7900pex6130r7000p_firmwarerax200_firmwarer8500dc112aex6130_firmwarer7850_firmwarewndr3400_firmwarer6700d7000v2_firmwarexr300r7000rax80_firmwarewnr3500l_firmwarer7000pd6400wnr3500lxr300_firmwareex3800r7960p_firmwareex3700_firmwaredc112a_firmwarerax75_firmwareex6120r6400r6700_firmwarer7900p_firmwareex6120_firmwarer8000_firmwareR6700v3
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-57046
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-62.43% / 98.32%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 00:00
Updated-07 Jul, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgn2200_firmwaredgn2200n/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-26898
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.13% / 32.56%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:34
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax40_firmwarerax40n/a
CVE-2021-27256
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.72%
||
7 Day CHG~0.00%
Published-05 Mar, 2021 | 20:00
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-br500_firmwarerbk12rbk43sbr500ex6150v2_firmwarer8900_firmwarerbr40_firmwarerbk23_firmwarerbk14_firmwarerbk15_firmwareex6410ex6420_firmwareex7300v2_firmwarebr200_firmwareex6250_firmwarerbk53_firmwarexr500_firmwarexr700_firmwarerbk15xr450_firmwareex7300rbk12_firmwarerbs40rbs50y_firmwarer8900rbs40_firmwarer9000_firmwarerbr10rbs10_firmwarerbk43_firmwareex6410_firmwarerbs20rbs50_firmwarerbs50yr9000ex6400v2ex6100v2ex7700_firmwarer7800rbk23rbs10r7800_firmwareex6100v2_firmwarerbk20_firmwarexr450xr700ex6400rbk43s_firmwarerbk20ex6400_firmwarerbk14ex7300_firmwarerbk44_firmwarerbs20_firmwarebr200d7800rbk44ex6150v2ex8000rbk40ex7320_firmwarerbr20rbk40_firmwarerbk13xr500ex6400v2_firmwareex6420ex7300v2d7800_firmwarerbk43ex8000_firmwareex6250rbr10_firmwarerbr40rbs50rbr50_firmwarerbr50ex7700rbk13_firmwarelbr20rbr20_firmwareex7320rbk50rbk53lbr20_firmwarerbk50_firmwareR7800
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-42756
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-20.19% / 95.37%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 00:00
Updated-30 Jan, 2026 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgn1000ww_firmwaredgn1000wwn/adgn1000_firmware
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-36787
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.02% / 5.38%
||
7 Day CHG~0.00%
Published-07 Jun, 2024 | 14:17
Updated-29 May, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr614wnr614_firmwaren/awnr614_firmware
CWE ID-CWE-1390
Weak Authentication
CVE-2024-36790
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.05% / 16.92%
||
7 Day CHG~0.00%
Published-07 Jun, 2024 | 14:23
Updated-29 May, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr614wnr614_firmwaren/awnr614_firmware
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found