Netgear Rbk15 Firmware vulnerabilities

9 known vulnerabilities affecting netgear/rbk15_firmware.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH8MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2021-27251HIGHCVSS 8.8fixed in 2.7.2.1042021-04-14
CVE-2021-27251 [HIGH] CWE-319 CVE-2021-27251: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leve
nvd
CVE-2021-27252HIGHCVSS 8.8fixed in 2.7.2.1042021-04-14
CVE-2021-27252 [HIGH] CWE-78 CVE-2021-27252: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user
nvd
CVE-2021-27253HIGHCVSS 8.8fixed in 2.7.2.1042021-04-14
CVE-2021-27253 [HIGH] CWE-122 CVE-2021-27253: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cg
nvd
CVE-2021-29068HIGHCVSS 8.8fixed in 2.6.1.442021-03-23
CVE-2021-29068 [CRITICAL] CWE-120 CVE-2021-29068: Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R67 Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before
nvd
CVE-2021-27254HIGHCVSS 8.8fixed in 2.7.2.1042021-03-05
CVE-2021-27254 [HIGH] CWE-259 CVE-2021-27254: This vulnerability allows network-adjacent attackers to bypass authentication on affected installati This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to
nvd
CVE-2021-27255HIGHCVSS 8.8fixed in 2.7.2.1042021-03-05
CVE-2021-27255 [HIGH] CWE-306 CVE-2021-27255: This vulnerability allows remote attackers to execute arbitrary code on affected installations of NE This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the ser
nvd
CVE-2021-27256HIGHCVSS 8.8fixed in 2.7.2.1042021-03-05
CVE-2021-27256 [HIGH] CWE-78 CVE-2021-27256: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided t
nvd
CVE-2021-27257MEDIUMCVSS 6.5fixed in 2.7.2.1042021-03-05
CVE-2021-27257 [MEDIUM] CWE-295 CVE-2021-27257: This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded infor This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper vali
nvd
CVE-2020-27861HIGHCVSS 8.8fixed in 2.6.1.442021-02-12
CVE-2020-27861 [HIGH] CWE-78 CVE-2020-27861: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from
nvd