Netgear R8000P Firmware vulnerabilities

CVE-2021-34982 [HIGH] CWE-121 CVE-2021-34982: NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which lis

CVE-2021-34983 [MEDIUM] CWE-306 CVE-2021-34983: NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure V NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within

CVE-2022-27644 [HIGH] CWE-295 CVE-2022-27644: This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded infor This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper va

CVE-2022-27647 [HIGH] CWE-78 CVE-2022-27647: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided

CVE-2022-27642 [HIGH] CWE-863 CVE-2022-27642: This vulnerability allows network-adjacent attackers to bypass authentication on affected installati This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An

CVE-2022-27646 [HIGH] CWE-121 CVE-2022-27646: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt fil

CVE-2022-27643 [HIGH] CWE-120 CVE-2022-27643: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate th

CVE-2022-27645 [HIGH] CWE-306 CVE-2022-27645: This vulnerability allows network-adjacent attackers to bypass authentication on affected installati This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacke

CVE-2022-48322 [CRITICAL] CWE-787 CVE-2022-48322: NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulner NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.

CVE-2022-48176 [HIGH] CWE-787 CVE-2022-48176: Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R80 Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.

CVE-2022-48196 [HIGH] CWE-120 CVE-2022-48196: Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affec Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.

CVE-2021-45610 [CRITICAL] CWE-120 CVE-2021-45610: Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affec Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.66, D6400 before 1.0.0.100, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.52, DGN2200v4 before 1.0.0.118, EAX80 before 1.0.1.64, R6250 before 1.0.4.48, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R79

CVE-2021-45620 [CRITICAL] CWE-77 CVE-2021-45620: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MR80 before 1.1.2.20, MS60 before 1.0.6.116, MS80 before 1.1.2.20, MK62 before 1.0.6.116, MK83 before 1.1.2.2

CVE-2021-45622 [CRITICAL] CWE-77 CVE-2021-45622: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400 before 1.0.1.70, R6400v2 before 1

CVE-2021-45616 [CRITICAL] CWE-77 CVE-2021-45616: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.46, R7900P bef

CVE-2021-45527 [CRITICAL] CWE-120 CVE-2021-45527: Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D62 Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.54, EX7000 before 1.0.1.94, EX7500 before 1.0.0.72, R6250 before 1.0.4.48, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before

CVE-2021-45621 [CRITICAL] CWE-77 CVE-2021-45621: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 bef

CVE-2021-45612 [CRITICAL] CWE-77 CVE-2021-45612: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400v2 before 1.0.4.118, R6700v3 befor

CVE-2021-45617 [CRITICAL] CWE-77 CVE-2021-45617: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX7500 before 1.0.0.72, R6400 before 1.0.1.68, R6900P before 1.3.2.132, R7000 before 1.0.11.116, R7000P before 1.3.2.132, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 bef

CVE-2021-45641 [MEDIUM] CVE-2021-45641: Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200Bv4 before 1.0.0.10