Netgear Wac104 Firmware vulnerabilities

CVE-2021-44262 [HIGH] CWE-306 CVE-2021-44262: A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which ca A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device.

CVE-2021-44261 [MEDIUM] CWE-306 CVE-2021-44261: A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which c A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device.

CVE-2021-38532 [MEDIUM] CVE-2021-38532: NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect configuration of security settings. NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect configuration of security settings.

CVE-2021-35973 [CRITICAL] CVE-2021-35973: NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /us NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enabl

CVE-2020-35788 [HIGH] CWE-120 CVE-2020-35788: NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user. NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user.