Netgear R7450 Firmware vulnerabilities

33 known vulnerabilities affecting netgear/r7450_firmware.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL8HIGH15MEDIUM10

Vulnerabilities

Page 2 of 2

CVE-2020-27866HIGHCVSS 8.8PoCfixed in 1.2.0.762021-02-12

CVE-2020-27866 [HIGH] CWE-288 CVE-2020-27866: This vulnerability allows network-adjacent attackers to bypass authentication on affected installati This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_ht

nvd

CVE-2020-27867MEDIUMCVSS 6.8fixed in 1.2.0.762021-02-12

CVE-2020-27867 [MEDIUM] CWE-77 CVE-2020-27867: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanis

nvd

CVE-2020-27872HIGHCVSS 8.8fixed in 1.2.0.762021-02-04

CVE-2020-27872 [HIGH] CWE-642 CVE-2020-27872: This vulnerability allows network-adjacent attackers to bypass authentication on affected installati This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in

nvd

CVE-2020-27873MEDIUMCVSS 6.5fixed in 1.2.0.762021-02-04

CVE-2020-27873 [MEDIUM] CWE-284 CVE-2020-27873: This vulnerability allows network-adjacent attackers to disclose sensitive information on affected i This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of prop

nvd

CVE-2020-35800CRITICALCVSS 9.4fixed in 1.2.0.722020-12-30

CVE-2020-35800 [CRITICAL] CVE-2020-35800: Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects A Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50,

nvd

CVE-2020-35795CRITICALCVSS 9.8fixed in 1.2.0.722020-12-30

CVE-2020-35795 [CRITICAL] CWE-120 CVE-2020-35795: Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affec Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before

nvd

CVE-2020-35841HIGHCVSS 7.6fixed in 1.2.0.622020-12-30

CVE-2020-35841 [MEDIUM] CWE-79 CVE-2020-35841: Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 befor Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.6

nvd

CVE-2020-35803MEDIUMCVSS 4.4fixed in 1.2.0.742020-12-30

CVE-2020-35803 [MEDIUM] CVE-2020-35803: Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D6200 befo Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.46, R6080 before 1.0.0.46, R6120 before 1.0.0.72, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.74, R6800 before 1.2.0.74, R6900v2 before 1.2.0.74, R7450 bef

nvd

CVE-2020-26927CRITICALCVSS 9.8fixed in 1.2.0.622020-10-09

CVE-2020-26927 [CRITICAL] CVE-2020-26927: Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.66, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62,

nvd

CVE-2020-26912HIGHCVSS 8.8fixed in 1.2.0.622020-10-09

CVE-2020-26912 [HIGH] CWE-352 CVE-2020-26912: Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0. Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 befor

nvd

CVE-2020-26911HIGHCVSS 8.8fixed in 1.2.0.622020-10-09

CVE-2020-26911 [HIGH] CVE-2020-26911: Certain NETGEAR devices are affected by lack of access control at the function level. This affects D Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R690

nvd

CVE-2020-26914HIGHCVSS 7.1fixed in 1.2.0.622020-10-09

CVE-2020-26914 [MEDIUM] CWE-77 CVE-2020-26914: Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D62 Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.6

nvd

CVE-2020-26916MEDIUMCVSS 6.3fixed in 1.2.0.502020-10-09

CVE-2020-26916 [MEDIUM] CVE-2020-26916: Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6

nvd

← Previous2 / 2