Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-36787

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-07 Jun, 2024 | 14:17
Updated At-13 Mar, 2025 | 17:00
Rejected At-
Credits

An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:07 Jun, 2024 | 14:17
Updated At:13 Mar, 2025 | 17:00
Rejected At:
▼CVE Numbering Authority (CNA)

An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/
N/A
Hyperlink: https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
NETGEAR, Inc.netgear
Product
wnr614_firmware
CPEs
  • cpe:2.3:o:netgear:wnr614_firmware:1.1.0.54:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.1.0.54
Problem Types
TypeCWE IDDescription
CWECWE-1390CWE-1390 Weak Authentication
Type: CWE
CWE ID: CWE-1390
Description: CWE-1390 Weak Authentication
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/
x_transferred
Hyperlink: https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:07 Jun, 2024 | 15:15
Updated At:29 May, 2025 | 16:12

An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
NETGEAR, Inc.
netgear
>>wnr614_firmware>>1.1.0.54_1.0.1
cpe:2.3:o:netgear:wnr614_firmware:1.1.0.54_1.0.1:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr614>>-
cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1390Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-1390
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/cve@mitre.org
Exploit
Third Party Advisory
https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

201Records found
CVE-2017-18728
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.58% / 67.89%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:01
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18723
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.34%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:13
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18722
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.34%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:14
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18719
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.65%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:20
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.1.00.26, R6080 before 1.1.00.26; R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6080r6020r6700d6200r6080_firmwarer6700_firmwarer6020_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18705
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.12%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 14:03
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwarewndr3700wndr3700_firmwarewndr4500_firmwared7800r6100_firmwarewnr2000_firmwarer9000r7500wndr4300_firmwarer7500_firmwarer7800wndr4500r6100wndr4300r7800_firmwarewnr2000n/a
CVE-2017-18751
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.50% / 80.38%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 15:21
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwarewndr3700wndr3700_firmwarewndr4500_firmwared7800r6100_firmwarer9000r7500wndr4300_firmwarer7500_firmwarer7800wndr4500r6100wndr4300r7800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18762
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 73.01%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:44
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6000_firmwarewndr3700wndr3700_firmwarer7000r6900pr6100_firmwarer7100lgwndr4500_firmwarewnr2000_firmwared6000r7000pwndr4300_firmwarer6900p_firmwared3600_firmwarer7100lg_firmwarer7000_firmwared6100_firmwared6100wndr4500d3600r6100wndr4300wnr2000r7000p_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2017-18736
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 73.01%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:12
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, and WNDR3700v5 before 1.1.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6800r6050_firmwarer6900_firmwarer6050r6900wndr3700r6220jr6150jr6150_firmwarer6700r6220_firmwarewndr3700_firmwarer6700_firmwarer6800_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2017-18718
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.91%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:28
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-25067
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.54% / 80.61%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 03:22
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8300_firmwarer8300n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-15416
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.53% / 80.57%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:10
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9703.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700R6700
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-15635
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.00% / 76.10%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 20:55
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acsd service, which listens on TCP port 5916 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9853.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700R6700
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-14441
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.54% / 80.61%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:39
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-14426
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.10% / 27.81%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:20
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, RBK842 before 3.2.10.11, RBR840 before 3.2.10.11, and RBS840 before 3.2.10.11.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852rbk852_firmwarerbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CVE-2020-14435
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.21% / 43.67%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:35
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.2.104, SRS60 before 2.5.2.104, SRR60 before 2.5.2.104, SRK60B03 before 2.5.2.104, SRK60B04 before 2.5.2.104, SRK60B05 before 2.5.2.104, and SRK60B06 before 2.5.2.104.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-srk60b04_firmwaresrk60b06_firmwaresrk60b05_firmwaresrk60b06srk60b03_firmwaresrk60_firmwaresrk60b05srr60srs60_firmwaresrk60srs60srk60b04srk60b03srr60_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-14429
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.24% / 47.55%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:25
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-mk62rbk842rbs850ms60_firmwarerbk753_firmwarerbr750rbk853rbk753rbk753srbs840rbk842_firmwarerbs750_firmwaremr60mk62_firmwaremr60_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk853_firmwaremk63_firmwarerbk752_firmwarerbk752rbs750rbs840_firmwarerbr840rbr840_firmwarerbk852_firmwarerbk852ms60rbk753s_firmwarerbr850_firmwaremk63n/a
CVE-2020-14442
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.54% / 80.61%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:40
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-14438
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.54% / 80.61%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:38
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45503
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.08% / 24.11%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 01:02
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750cbr750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852cbr750_firmwarerbr850_firmwaren/a
CVE-2020-14431
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.19% / 41.62%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:26
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CVE-2020-14437
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.54% / 80.61%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:37
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-14428
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.19% / 40.59%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:21
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CVE-2021-45510
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.06% / 18.92%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 01:01
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr1000_firmwarexr1000n/a
CVE-2020-14427
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.10% / 27.81%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:21
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CVE-2020-14440
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.54% / 80.61%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:39
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-14430
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.10% / 27.81%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:26
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CVE-2021-45636
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.32% / 54.61%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:31
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR D7000 devices before 1.0.1.82 are affected by a stack-based buffer overflow by an unauthenticated attacker.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7000d7000_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-14439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.79% / 72.92%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 16:38
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbk842rbk853_firmwarerbs850rbk752_firmwarerbk753_firmwarerbk752rbr750rbs750rbs840_firmwarerbk853rbr840rbk753rbk753srbr840_firmwarerbk852_firmwarerbk852rbk842_firmwarerbk753s_firmwarerbr850_firmwarerbs840n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-11788
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.00%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 17:05
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.68, PR2000 before 1.0.0.28, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, and R6900v2 before 1.2.0.36.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7000r6120d7000_firmwarer6230r6700r6220_firmwarepr2000r6230_firmwarer6900r6120_firmwared6200_firmwarer6800r6900_firmwarer6050_firmwarer6050pr2000_firmwarer6260_firmwarer6260r6220d6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CVE-2020-10926
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.96%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:10
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of the firmware image prior to performing an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9648.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700R6700
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2021-41314
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.65% / 87.39%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 22:00
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create (or overwrite) a file with specific content (e.g., the "2" string). This leads to admin session crafting and therefore gaining full web UI admin privileges by an unauthenticated attacker. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs710tup_firmwaregc108p_firmwaregs308tgs310tp_firmwaregs108tv3gs724tpgs110tupgs110tppgs716tppms510txup_firmwaregs752tppms510txupgs728tp_firmwaregs716tp_firmwarems510txm_firmwaregs728tpp_firmwarems510txmgs728tpgs110tpp_firmwaregs752tp_firmwaregc108pgs110tpgs716tpp_firmwaregs752tpgs710tupgc108ppgs308t_firmwaregs724tpp_firmwaregs110tup_firmwaregs724tppgs728tppgc108pp_firmwaregs752tpp_firmwaregs750egs110tp_firmwaregs750e_firmwaregs108t_firmwaregs716tpgs310tpgs724tp_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2020-35221
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 12.49%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 17:48
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jgs516pe_firmwaregs116e_firmwaregs116ejgs516pen/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2017-18732
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.12%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:23
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-plw1000_firmwareplw1010plw1010_firmwarer6300r6300_firmwareplw1000n/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-40866
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.43% / 79.85%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 07:16
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs710tup_firmwaregc108p_firmwaregs308tgs310tp_firmwaregs108tv3gs724tpgs110tupgs110tppgs716tppms510txup_firmwaregs752tppms510txupgs728tp_firmwaregs716tp_firmwarems510txm_firmwaregs728tpp_firmwarems510txmgs728tpgs110tpp_firmwaregs752tp_firmwaregc108pgs110tpgs716tpp_firmwaregs752tpgs710tupgc108ppgs308t_firmwaregs724tpp_firmwaregs110tup_firmwaregs724tppgs728tppgc108pp_firmwaregs752tpp_firmwaregs750egs110tp_firmwaregs750e_firmwaregs108t_firmwaregs716tpgs310tpgs724tp_firmwaren/a
CVE-2020-10923
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-6.5||MEDIUM
EPSS-43.60% / 97.43%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:10
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700R6700
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CVE-2023-40480
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.58% / 80.84%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-03 Jan, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability

NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DHCP server. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19705.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-27866
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-89.75% / 99.54%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 23:35
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6850_firmwarer6120r7450_firmwarer6220_firmwareac2600ac2400r6080_firmwarer7200_firmwarer6120_firmwarer6800r6260_firmwarer6260r6220r6020r6330_firmwareac2400_firmwarer7350_firmwarer7400_firmwarer6020_firmwarer7200r6350_firmwarer6080r6230r6700r6330r6800_firmwarer6230_firmwareac2100_firmwarer6900r6900_firmwarer7400ac2100r7450r6350r6850r6700_firmwarer7350ac2600_firmwareMultiple Routers
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2020-11551
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.30% / 52.59%
||
7 Day CHG~0.00%
Published-18 May, 2020 | 15:45
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi configuration data such as authentication details (e.g., the Web-admin password), network settings, DNS settings, system administration interface configuration, etc.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs50y_firmwaresrr60srs60_firmwaresrs60rbs50ysrr60_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2020-26907
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.27% / 49.71%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:32
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbs850_firmwarerbr850rbk852_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-40479
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.58% / 80.84%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-03 Jan, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability

NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19704.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-26904
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.10% / 27.81%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:33
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40rbs850rbk752_firmwarecbr40_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CVE-2017-18739
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.65%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:02
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6220 before V1.1.0.50, R7800 before V1.0.2.36, WNDR3400v3 before 1.0.1.14, and WNDR3700v5 before V1.1.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7800wndr3700r6220wndr3400_firmwarer6220_firmwarewndr3700_firmwarer7800_firmwarewndr3400n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-18733
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.49%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:22
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R7100LG before 1.0.0.32, R7300DST before 1.0.0.52, R8300 before 1.0.2.94, and R8500 before 1.0.2.100.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500d8500r8300_firmwarer6400_firmwarer7100lgd6400d6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwared6400_firmwarer7300dstd6220_firmwarer6400d8500_firmwarer6250_firmwarer6250n/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-35721
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.1||HIGH
EPSS-4.18% / 88.26%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:57
Updated-07 Aug, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability

NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the update functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19981.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax50_firmwarerax50Multiple Routersrax50_firmware
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-35722
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.82% / 73.44%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:57
Updated-03 Jan, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability

NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of UPnP port mapping requests. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20429.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-34285
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.80% / 73.19%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:57
Updated-03 Jan, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within a shared library used by the telnetd service, which listens on TCP port 23 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19918.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-10924
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-51.95% / 97.82%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:10
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9643.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700R6700
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-27360
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.24%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-03 Jan, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability

NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the lighttpd HTTP server. The issue results from allowing execution of files from untrusted sources. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19398.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30_firmware
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-346
Origin Validation Error
CVE-2023-27358
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.76% / 72.39%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-09 Jan, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability

NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of specific SOAP requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-19754.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30rax35rax38rax30_firmwarerax40_firmwarerax35_firmwarerax38_firmwareraxe300_firmwareraxe300rax40RAX30rax30_firmwarerax38_firmwarerax35_firmwareraxe300_firmwarerax40_firmware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-27368
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.58%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-03 Jan, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability

NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing SOAP message headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19839.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found