NETGEAR XR500 firmware vulnerabilities
118 known vulnerabilities affecting netgear/xr500_firmware.
Total CVEs: 118
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 42, MEDIUM 67, LOW 1
Vulnerabilities
CVE-2020-35809 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 2.3.2.56 | 2020-12-30
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
nvd
CVE-2020-26915 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 2.3.2.56 | 2020-10-09
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
nvd
CVE-2020-26913 | MEDIUM | CVSS 6.8 | CWE-787 | fixed in 2.3.2.40 | 2020-10-09
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.60, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK40 before
nvd
CVE-2020-13245 | MEDIUM | CVSS 5.9 | CWE-295 | ≥ v1.0.9.6_1.2.19, ≤ v1.0.11.100_10.2.100 | 2020-05-28
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.
nvd
CVE-2018-21116 | HIGH | CVSS 8.8 | fixed in 2.3.2.32 | 2020-04-22
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.
nvd
CVE-2018-21117 | HIGH | CVSS 8.8 | fixed in 2.3.2.32 | 2020-04-22
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler.
nvd
CVE-2018-21115 | HIGH | CVSS 8.8 | CWE-20 | fixed in 2.3.2.32 | 2020-04-22
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.
nvd
CVE-2018-21118 | HIGH | CVSS 8.8 | CWE-287 | fixed in 2.3.2.32 | 2020-04-22
NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass.
nvd
CVE-2019-20703 | HIGH | CVSS 8.0 | CWE-77 | fixed in 2.3.2.32 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
nvd
CVE-2019-20711 | HIGH | CVSS 8.0 | CWE-77 | fixed in 2.3.2.32 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
nvd
CVE-2019-20702 | HIGH | CVSS 8.0 | CWE-77 | fixed in 2.3.2.32 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
nvd
CVE-2019-20701 | HIGH | CVSS 8.0 | CWE-77 | fixed in 2.3.2.32 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
nvd
CVE-2019-20709 | HIGH | CVSS 8.0 | CWE-77 | fixed in 2.3.2.32 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
nvd
CVE-2019-20682 | HIGH | CVSS 8.8 | CWE-787 | fixed in 2.3.2.32 | 2020-04-16
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220
nvd
CVE-2019-20704 | HIGH | CVSS 8.0 | CWE-77 | fixed in 2.3.2.32 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
nvd
CVE-2019-20705 | HIGH | CVSS 8.0 | CWE-77 | fixed in 2.3.2.32 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
nvd
CVE-2019-20710 | HIGH | CVSS 8.0 | CWE-77 | fixed in 2.3.2.32 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
nvd
CVE-2019-20683 | HIGH | CVSS 8.8 | CWE-787 | fixed in 2.3.2.32 | 2020-04-16
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220
nvd
CVE-2019-20707 | HIGH | CVSS 8.0 | CWE-77 | fixed in 2.3.2.32 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.60 and XR500 before 2.3.2.32.
nvd
CVE-2019-20708 | HIGH | CVSS 8.0 | CWE-77 | fixed in 2.3.2.32 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
nvd