Netgear Rbs850 Firmware vulnerabilities

146 known vulnerabilities affecting netgear/rbs850_firmware.

Total CVEs

146

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL29HIGH57MEDIUM59LOW1

Vulnerabilities

Page 5 of 8

CVE-2021-45576MEDIUMCVSS 6.8fixed in 3.2.16.62021-12-26

CVE-2021-45576 [MEDIUM] CWE-77 CVE-2021-45576: Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

nvd

CVE-2021-45667MEDIUMCVSS 4.8fixed in 3.2.16.62021-12-26

CVE-2021-45667 [MEDIUM] CWE-79 CVE-2021-45667: Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R8000

nvd

CVE-2021-45592MEDIUMCVSS 6.8fixed in 3.2.16.62021-12-26

CVE-2021-45592 [MEDIUM] CWE-77 CVE-2021-45592: Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

nvd

CVE-2021-45563MEDIUMCVSS 6.8fixed in 3.2.16.62021-12-26

CVE-2021-45563 [MEDIUM] CWE-77 CVE-2021-45563: Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

nvd

CVE-2021-45669MEDIUMCVSS 4.8fixed in 3.2.16.62021-12-26

CVE-2021-45669 [MEDIUM] CWE-79 CVE-2021-45669: Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.3.106, MR60 befor Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS8

nvd

CVE-2021-45536MEDIUMCVSS 6.8fixed in 3.2.16.62021-12-26

CVE-2021-45536 [MEDIUM] CWE-77 CVE-2021-45536: Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

nvd

CVE-2021-45568MEDIUMCVSS 6.8fixed in 3.2.16.62021-12-26

CVE-2021-45568 [MEDIUM] CWE-77 CVE-2021-45568: Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

nvd

CVE-2021-45585MEDIUMCVSS 6.8fixed in 3.2.16.62021-12-26

CVE-2021-45585 [MEDIUM] CWE-77 CVE-2021-45585: Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

nvd

CVE-2021-45542MEDIUMCVSS 6.8fixed in 3.2.17.122021-12-26

CVE-2021-45542 [MEDIUM] CWE-77 CVE-2021-45542: Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

nvd

CVE-2021-45580MEDIUMCVSS 6.8fixed in 3.2.16.62021-12-26

CVE-2021-45580 [MEDIUM] CWE-77 CVE-2021-45580: Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

nvd

CVE-2021-45537MEDIUMCVSS 6.8fixed in 3.2.16.62021-12-26

CVE-2021-45537 [MEDIUM] CWE-77 CVE-2021-45537: Certain NETGEAR devices are affected by command injection by an authenticated user . This affects RA Certain NETGEAR devices are affected by command injection by an authenticated user . This affects RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

nvd

CVE-2021-38513CRITICALCVSS 9.8fixed in 3.2.10.112021-08-11

CVE-2021-38513 [CRITICAL] CVE-2021-38513: Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RBK752 before 3.2.10.10, RBR750 before 3.2.10.10, and RBS750 before 3.2.10.10.

nvd

CVE-2021-38516CRITICALCVSS 9.8fixed in 3.2.16.62021-08-11

CVE-2021-38516 [CRITICAL] CVE-2021-38516: Certain NETGEAR devices are affected by lack of access control at the function level. This affects D Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.2

nvd

CVE-2021-38527CRITICALCVSS 9.8fixed in 3.2.16.62021-08-11

CVE-2021-38527 [CRITICAL] CWE-77 CVE-2021-38527: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2 before 1.0.1.98, EX6150v2 before 1.0.1.98, EX6250 before 1.0.0.132, EX6400 before 1.0.2.158, EX6400v2 before 1.0.0.132, EX6410 before 1.0.0.132, EX6420 before 1.0.0.132, EX7300 before 1.0.2.158, EX7300v2 before 1.0.

nvd

CVE-2021-38518HIGHCVSS 7.2fixed in 3.2.17.122021-08-11

CVE-2021-38518 [HIGH] CWE-77 CVE-2021-38518: Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

nvd

CVE-2021-27239HIGHCVSS 8.8fixed in 3.2.17.122021-03-29

CVE-2021-27239 [HIGH] CWE-121 CVE-2021-27239: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in a

nvd

CVE-2021-29076CRITICALCVSS 9.6fixed in 3.2.17.122021-03-23

CVE-2021-29076 [CRITICAL] CWE-77 CVE-2021-29076: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

nvd

CVE-2021-29071CRITICALCVSS 9.0fixed in 3.2.17.122021-03-23

CVE-2021-29071 [CRITICAL] CWE-77 CVE-2021-29071: Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBR752 before 3.2.17.12, RBR753 before 3.2.17.12, RBR753S before 3.2.17.12, RBR754 before 3.2.17.12, RBR750 before 3.2.17.12, an

nvd

CVE-2021-29066CRITICALCVSS 9.6fixed in 3.2.17.122021-03-23

CVE-2021-29066 [CRITICAL] CVE-2021-29066: Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12, Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

nvd

CVE-2021-29067CRITICALCVSS 9.6fixed in 3.2.17.122021-03-23

nvd

← Previous5 / 8Next →