Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-26903

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Oct, 2020 | 06:33
Updated At-04 Aug, 2024 | 16:03
Rejected At-
Credits

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Oct, 2020 | 06:33
Updated At:04 Aug, 2024 | 16:03
Rejected At:
▼CVE Numbering Authority (CNA)

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.19.6CRITICAL
CVSS:3.1/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N
Version: 3.1
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000062351/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0043
x_refsource_MISC
Hyperlink: https://kb.netgear.com/000062351/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0043
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000062351/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0043
x_refsource_MISC
x_transferred
Hyperlink: https://kb.netgear.com/000062351/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0043
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Oct, 2020 | 07:15
Updated At:21 Jul, 2021 | 11:39

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.6CRITICAL
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Primary2.03.3LOW
AV:A/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Type: Primary
Version: 2.0
Base score: 3.3
Base severity: LOW
Vector:
AV:A/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
NETGEAR, Inc.
netgear
>>cbr40_firmware>>Versions before 2.5.0.10(exclusive)
cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>cbr40>>-
cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk752_firmware>>Versions before 3.2.15.25(exclusive)
cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk752>>-
cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbr750_firmware>>Versions before 3.2.15.25(exclusive)
cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbr750>>-
cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbs750_firmware>>Versions before 3.2.15.25(exclusive)
cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbs750>>-
cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk852_firmware>>Versions before 3.2.10.11(exclusive)
cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbk852>>-
cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbr850_firmware>>Versions before 3.2.10.11(exclusive)
cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbr850>>-
cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbs850_firmware>>Versions before 3.2.10.11(exclusive)
cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rbs850>>-
cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.netgear.com/000062351/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0043cve@mitre.org
Vendor Advisory
Hyperlink: https://kb.netgear.com/000062351/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0043
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

229Records found
CVE-2020-26931
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.36%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:24
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wc7500_firmwarewc9500wc7500wc7600_firmwarewc9500_firmwarewc7600n/a
CVE-2020-26905
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.15% / 36.61%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:33
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40rbs850rbk752_firmwarecbr40_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CVE-2020-26897
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.13% / 33.22%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:34
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40rbs850rbk752_firmwarecbr40_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852rbr750_firmwarerbk852_firmwarerbr850_firmwaren/a
CVE-2020-26921
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-0.13% / 33.68%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:28
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs810emx_firmwaregs110emxxs724em_firmwarexs512em_firmwaregs110emx_firmwarexs512emxs724emgs810emxn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-25067
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.54% / 80.60%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 03:22
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8300_firmwarer8300n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-38513
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.32% / 54.14%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 00:03
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RBK752 before 3.2.10.10, RBR750 before 3.2.10.10, and RBS750 before 3.2.10.10.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-eax20_firmwarecbr40_firmwarerbs750_firmwaremk62_firmwaremr60mr60_firmwarerbs850_firmwarerbr850mk62rbr750_firmwareeax20cbr40rbs850rbk752_firmwarems60_firmwarerbk752rbr750rbs750rbk852rbk852_firmwarems60rbr850_firmwaren/a
CVE-2023-50677
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.31% / 53.37%
||
7 Day CHG~0.00%
Published-14 Mar, 2024 | 00:00
Updated-14 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-n/adgnd4000_firmware
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-51635
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.87% / 82.36%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:04
Updated-03 Jan, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-17409
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 52.70%
||
7 Day CHG~0.00%
Published-13 Oct, 2020 | 17:10
Updated-04 Aug, 2024 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6350_firmwarewnr2020_firmwarer6120r6850_firmwarer6080wnr2020r6230r6220_firmwarer6330jnr3210_firmwarer6080_firmwarer6230_firmwarer6120_firmwarer6850r6260r6260_firmwarer6350r6220jnr3210r6020r6330_firmwarer6020_firmwareMultiple Routers
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2020-15416
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.53% / 80.55%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:10
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9703.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700R6700
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2017-18855
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 49.85%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 13:14
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR WNR854T devices before 1.5.2 are affected by command execution.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr854twnr854t_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2020-14431
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.19% / 41.61%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:26
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CVE-2020-14442
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.54% / 80.60%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:40
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-14428
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.19% / 40.59%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:21
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CVE-2020-14440
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.54% / 80.60%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:39
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-14441
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.54% / 80.60%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:39
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-14438
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.54% / 80.60%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:38
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-14426
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.10% / 27.80%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:20
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, RBK842 before 3.2.10.11, RBR840 before 3.2.10.11, and RBS840 before 3.2.10.11.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852rbk852_firmwarerbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CVE-2020-14427
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.10% / 27.80%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:21
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CVE-2020-14435
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.21% / 43.66%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:35
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.2.104, SRS60 before 2.5.2.104, SRR60 before 2.5.2.104, SRK60B03 before 2.5.2.104, SRK60B04 before 2.5.2.104, SRK60B05 before 2.5.2.104, and SRK60B06 before 2.5.2.104.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-srk60b04_firmwaresrk60b06_firmwaresrk60b05_firmwaresrk60b06srk60b03_firmwaresrk60_firmwaresrk60b05srr60srs60_firmwaresrk60srs60srk60b04srk60b03srr60_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-14439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.79% / 72.91%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:38
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-14430
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.10% / 27.80%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:26
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CVE-2018-21203
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.21%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:11
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6100 before 1.0.1.20, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r9000_firmwarewndr3700wndr4500r6100wndr3700_firmwarewndr4300wndr4500_firmwarer6100_firmwarer9000wndr4300_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-14437
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.54% / 80.60%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:37
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-14429
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.24% / 47.54%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:25
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-mk62rbk842rbs850ms60_firmwarerbk753_firmwarerbr750rbk853rbk753rbk753srbs840rbk842_firmwarerbs750_firmwaremr60mk62_firmwaremr60_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk853_firmwaremk63_firmwarerbk752_firmwarerbk752rbs750rbs840_firmwarerbr840rbr840_firmwarerbk852_firmwarerbk852ms60rbk753s_firmwarerbr850_firmwaremk63n/a
CVE-2018-21158
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.09%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 17:25
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R7800 devices before 1.0.2.46 are affected by incorrect configuration of security settings.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7800r7800_firmwaren/a
CVE-2018-21093
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.09% / 26.24%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 14:41
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.42, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300-2CXNAS before 1.0.3.60, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R7000P before 1.3.1.44, R6900P before 1.3.1.44, R7100LG before 1.0.0.46, R7300 before 1.0.0.68, R7900 before 1.0.2.10, R8000 before 1.0.4.18, R8000P before 1.3.0.10, R7900P before 1.3.0.10, R8500 before 1.0.2.122, R8300 before 1.0.2.122, RBW30 before 2.1.2.6, WN2500RPv2 before 1.0.0.54, and WNR3500Lv2 before 1.2.0.56.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7300rbw30_firmwarer7300_firmwarer8000r6400_firmwareex3800_firmwareex6200ex7000r6900pr7100lgr7900r8000pex3700r6900p_firmwarerbw30r8500_firmwarer7100lg_firmwarer8300r7000_firmwarer6300-2cxnas_firmwarer6300-2cxnasr8000p_firmwarewn2500rpwn2500rp_firmwarer6300_firmwareex6130d8500_firmwarer6250_firmwarer7900pex6000_firmwareex6100r7000p_firmwarer8500ex6130_firmwared8500r6700r8300_firmwarer7000wnr3500l_firmwareex6200_firmwareex6150r6900r7000pwnr3500lr6900_firmwareex3800r7900_firmwareex6100_firmwareex3700_firmwareex6000ex7000_firmwareex6120r6300r6400r6700_firmwarer7900p_firmwareex6120_firmwareex6150_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21138
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.40%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 20:06
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600d3600_firmwared6000_firmwared6000n/a
CVE-2018-21205
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.74% / 72.08%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:13
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn2000rpt_firmwarewn3000rp_firmwared7800_firmwarewn3000rpr900wndr3700wndr3700_firmwarer900_firmwared7800r6100_firmwarewndr4500_firmwareex2700wn2000rptwn3100rp_firmwarer7500wndr4300_firmwarer7500_firmwarer7800wn3100rpex2700_firmwarewndr4500r6100wndr4300r7800_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21129
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.80%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 17:34
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-21121
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.94%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:21
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs810emx_firmwarexs724em_firmwarexs512em_firmwarexs512emxs724emgs810emxn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-21117
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.24% / 46.89%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:00
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr500_firmwarexr500n/a
CVE-2020-11551
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.30% / 52.58%
||
7 Day CHG~0.00%
Published-18 May, 2020 | 15:45
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi configuration data such as authentication details (e.g., the Web-admin password), network settings, DNS settings, system administration interface configuration, etc.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs50y_firmwaresrr60srs60_firmwaresrs60rbs50ysrr60_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2020-11550
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.17% / 38.35%
||
7 Day CHG~0.00%
Published-18 May, 2020 | 15:46
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK).

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs50y_firmwaresrr60srs60_firmwaresrs60rbs50ysrr60_firmwaren/a
CVE-2018-21113
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:38
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.42, R6100 before 1.0.1.28, R7500 before 1.0.0.130, R7500v2 before 1.0.3.36, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer8900r9000_firmwarewndr3700r8900_firmwarewndr3700_firmwarewndr4500_firmwared7800r6100_firmwarer9000r7500wndr4300_firmwarer7500_firmwarer7800d6100_firmwared6100wndr4500r6100wndr4300r7800_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2018-21211
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.87% / 74.29%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:34
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwared6000_firmwarewndr3700wndr3700_firmwarewndr4500_firmwared7800wnr2000_firmwared6000r9000r7500wndr4300_firmwared3600_firmwarer7500_firmwarer7800d6100_firmwared6100wndr4500d3600wndr4300r7800_firmwarewnr2000n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21208
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.70% / 71.09%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:30
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7500_firmwared6100_firmwared6100wndr4500r6100wndr4300wndr4500_firmwarer6100_firmwarer7500wndr4300_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2020-10923
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-6.5||MEDIUM
EPSS-43.60% / 97.43%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:10
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700R6700
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CVE-2020-10926
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.89%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:10
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of the firmware image prior to performing an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9648.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700R6700
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2018-21170
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.03% / 8.44%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 17:35
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX2700 before 1.0.1.28, R7800 before 1.0.2.40, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn2000rpt_firmwarewn3000rp_firmwarer7800wn3000rpwn3100rpex2700_firmwarer7800_firmwareex2700wn2000rptwn3100rp_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21130
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.70% / 70.98%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 17:35
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-10927
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.81%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:10
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the encryption of firmware update images. The issue results from the use of an inappropriate encryption algorithm. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9649.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700R6700
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2018-21124
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.87%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:49
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escalation.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-21210
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.63%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:33
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn2000rpt_firmwarewn3000rp_firmwared7800_firmwarewn3000rpr900d6000_firmwarewndr3700wndr3700_firmwarer900_firmwared7800r6100_firmwarewndr4500_firmwareex2700d6000wn3100rp_firmwarewn2000rptwndr4300_firmwarer7500d3600_firmwarer7500_firmwarer7800wn3100rpex2700_firmwarewndr4500d3600r6100wndr4300r7800_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21226
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.94%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 16:39
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects JNR1010v2 before 1.1.0.48, JWNR2010v5 before 1.1.0.48, WNR1000v4 before 1.1.0.48, WNR2020 before 1.1.0.48, and WNR2050 before 1.1.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewnr1000_firmwarewnr2020_firmwarewnr2050wnr2020wnr2050_firmwarewnr1000jnr1010jwnr2010jwnr2010_firmwaren/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-21219
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.63%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:44
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwared6000_firmwarewndr3700wndr3700_firmwarewnr2000_firmwared7800r6100_firmwarewndr4500_firmwared6000r9000r7500wndr4300_firmwarer7500_firmwared3600_firmwared6100_firmwared6100wndr4500d3600r6100wndr4300wnr2000n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21216
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.24%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:42
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, and R6100 before 1.0.1.20.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwared6000_firmwared6100_firmwared6100d3600r6100r6100_firmwared6000n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-10929
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.93%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:10
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9768.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700R6700
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-10925
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.72%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:10
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700R6700
CWE ID-CWE-295
Improper Certificate Validation
CVE-2018-21221
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.38%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 16:23
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, and R9000 before 1.0.2.52.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwarer9000_firmwared6000_firmwared3600d6000r9000n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found