Netgear Wnr2000V5 Firmware vulnerabilities

14 known vulnerabilities affecting netgear/wnr2000v5_firmware.

Total CVEs

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL7HIGH5MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2021-34947HIGHCVSS 8.8fixed in 1.0.0.782024-05-07

CVE-2021-34947 [HIGH] CWE-787 CVE-2021-34947: NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability al NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The is

nvd

CVE-2021-45658CRITICALCVSS 9.8fixed in 1.0.0.722021-12-26

CVE-2021-45658 [HIGH] CWE-74 CVE-2021-45658: Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58, D Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6100v2 before 1.0.1.86, EX6200v2 before 1.0.1.78, EX6250 before 1.0.0.110, EX6410 before 1.0.0.110, EX6420 before 1.0.0.110, EX6400v2 before 1.0.0.110, EX7300 before 1.0.2.144, EX6

nvd

CVE-2021-45619CRITICALCVSS 9.8fixed in 1.0.0.762021-12-26

CVE-2021-45619 [CRITICAL] CWE-77 CVE-2021-45619: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RBS50Y before 2.7.3.22, WNR20

nvd

CVE-2021-45618CRITICALCVSS 9.8fixed in 1.0.0.762021-12-26

CVE-2021-45618 [CRITICAL] CWE-77 CVE-2021-45618: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y

nvd

CVE-2021-45641HIGHCVSS 8.8fixed in 1.0.0.702021-12-26

CVE-2021-45641 [MEDIUM] CVE-2021-45641: Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200Bv4 before 1.0.0.10

nvd

CVE-2021-45640HIGHCVSS 7.2fixed in 1.0.0.702021-12-26

CVE-2021-45640 [LOW] CVE-2021-45640: Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, D

nvd

CVE-2021-45548HIGHCVSS 8.8fixed in 1.0.0.742021-12-26

CVE-2021-45548 [MEDIUM] CWE-77 CVE-2021-45548: Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D78 Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.60, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.128, EX6400 before 1.0.2.144, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6420 before 1.0.0.128, EX7300

nvd

CVE-2021-29069HIGHCVSS 8.4fixed in 1.0.0.762021-03-23

CVE-2021-29069 [HIGH] CWE-77 CVE-2021-29069: Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR4 Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.

nvd

CVE-2020-35799CRITICALCVSS 9.8fixed in 1.0.0.702020-12-30

CVE-2020-35799 [HIGH] CWE-787 CVE-2020-35799: Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.78, D6200 before 1.1.00.32, D7000 before 1.0.1.68, D7800 before 1.0.1.56, DM200 before 1.0.0.61, EX2700 before 1.0.1.52, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.7

nvd

CVE-2020-35808MEDIUMCVSS 4.8fixed in 1.0.0.662020-12-30

CVE-2020-35808 [MEDIUM] CWE-79 CVE-2020-35808: Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.63, DM200 before Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.63, DM200 before 1.0.0.61, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.68, and WNR2000v5 before 1.0.0.66.

nvd

CVE-2020-26913MEDIUMCVSS 6.8fixed in 1.0.0.702020-10-09

CVE-2020-26913 [MEDIUM] CWE-787 CVE-2020-26913: Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.60, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK40 before

nvd

CVE-2017-6862CRITICALCVSS 9.8KEVfixed in 1.0.0.422017-05-26

CVE-2017-6862 [CRITICAL] CWE-120 CVE-2017-6862: NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.

nvd

CVE-2016-10175CRITICALCVSS 9.8PoC≤ 1.0.0.342017-01-30

CVE-2016-10175 [CRITICAL] CWE-200 CVE-2016-10175: The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_s The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions.

nvd

CVE-2016-10176CRITICALCVSS 9.8PoC≤ 1.0.0.342017-01-30

CVE-2016-10176 [CRITICAL] CWE-20 CVE-2016-10176: The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the ap The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensiti

nvd