Netgear Multiple Routers vulnerabilities

9 known vulnerabilities affecting netgear/multiple_routers.

Total CVEs
9
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH5MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2021-34982HIGHCVSS 8.8vV1.0.11.116_10.2.1002024-05-07
CVE-2021-34982 [HIGH] CWE-121 CVE-2021-34982: NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which lis
cvelistv5nvd
CVE-2021-34983MEDIUMCVSS 6.5vV1.0.11.116_10.2.1002024-05-07
CVE-2021-34983 [MEDIUM] CWE-306 CVE-2021-34983: NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure V NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within
cvelistv5nvd
CVE-2023-35721HIGHCVSS 8.8v1.0.12.120_2.0.832024-05-03
CVE-2023-35721 [HIGH] CWE-295 CVE-2023-35721: NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerabili NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists
cvelistv5nvd
CVE-2021-34865HIGHCVSS 8.8v1.2.0.76_1.0.12022-01-25
CVE-2021-34865 [HIGH] CWE-287 CVE-2021-34865: This vulnerability allows network-adjacent attackers to bypass authentication on affected installati This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when a
cvelistv5nvd
CVE-2021-27239HIGHCVSS 8.8vfirmware version 1.0.4.982021-03-29
CVE-2021-27239 [HIGH] CWE-121 CVE-2021-27239: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in a
cvelistv5nvd
CVE-2020-27867MEDIUMCVSS 6.8vfirmware version 1.2.0.62_1.0.12021-02-12
CVE-2020-27867 [MEDIUM] CWE-77 CVE-2020-27867: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanis
cvelistv5nvd
CVE-2020-27866HIGHCVSS 8.8PoCvfirmware version 1.2.0.62_1.0.12021-02-11
CVE-2020-27866 [HIGH] CWE-288 CVE-2020-27866: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerabi
cvelistv5
CVE-2020-17409MEDIUMCVSS 6.5v1.0.662020-10-13
CVE-2020-17409 [MEDIUM] CWE-288 CVE-2020-17409: This vulnerability allows network-adjacent attackers to disclose sensitive information on affected i This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP po
cvelistv5nvd
CVE-2020-15636CRITICALCVSS 9.8v1.0.4.84_10.0.582020-08-20
CVE-2020-15636 [CRITICAL] CWE-121 CVE-2020-15636: This vulnerability allows remote attackers to execute arbitrary code on affected installations of NE This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the check_ra service. A crafted raePolicyVersion i
cvelistv5nvd