VARIoT IoT vulnerabilities database

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects CBR40 before 2.3.5.12, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R6400 before 1.0.1.70, R7000 before 1.0.11.126, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.30, R8000 before 1.0.4.52, and WNR3500Lv2 before 1.2.0.62. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects CBR40 prior to 2.3.5.12, D7000v2 prior to 1.0.0.66, D8500 prior to 1.0.3.58, R6400 prior to 1.0.1.70, R7000 prior to 1.0.11.126, R6900P prior to 1.3.2.124, R7000P prior to 1.3.2.124, R7900 prior to 1.0.4.30, R8000 prior to 1.0.4.52, and WNR3500Lv2 prior to 1.2.0.62

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D7000v2 prior to 1.0.0.74, LAX20 prior to 1.1.6.28, MK62 prior to 1.0.6.116, MR60 prior to 1.0.6.116, MS60 prior to 1.0.6.116, RAX15 prior to 1.0.3.96, RAX20 prior to 1.0.3.96, RAX200 prior to 1.0.4.120, RAX45 prior to 1.0.3.96, RAX50 prior to 1.0.3.96, RAX43 prior to 1.0.3.96, RAX40v2 prior to 1.0.3.96, RAX35v2 prior to 1.0.3.96, RAX75 prior to 1.0.4.120, RAX80 prior to 1.0.4.120, RBK752 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, RBS750 prior to 3.2.17.12, RBK852 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, RBS850 prior to 3.2.17.12, and XR1000 prior to 1.0.0.58

Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46. This affects D7800 prior to 1.0.1.66, EX2700 prior to 1.0.1.68, WN3000RPv2 prior to 1.0.0.90, WN3000RPv3 prior to 1.0.2.100, LBR1020 prior to 2.6.5.20, LBR20 prior to 2.6.5.32, R6700AX prior to 1.0.10.110, R7800 prior to 1.0.2.86, R8900 prior to 1.0.5.38, R9000 prior to 1.0.5.38, RAX10 prior to 1.0.10.110, RAX120v1 prior to 1.2.3.28, RAX120v2 prior to 1.2.3.28, RAX70 prior to 1.0.10.110, RAX78 prior to 1.0.10.110, XR450 prior to 2.3.2.130, XR500 prior to 2.3.2.130, and XR700 prior to 1.0.1.46

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBK40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR20 before 2.3.0.28, RBR40 before 2.3.0.28, RBR50 before 2.3.0.32, RBS20 before 2.3.0.28, RBS40 before 2.3.0.28, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.56, and XR500 before 2.3.2.56. plural NETGEAR There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D3600 prior to 1.0.0.72, D6000 prior to 1.0.0.72, D6200 prior to 1.1.00.34, D6220 prior to 1.0.0.52, D6400 prior to 1.0.0.86, D7000 prior to 1.0.1.74, D7000v2 prior to 1.0.0.53, D7800 prior to 1.0.1.56, D8500 prior to 1.0.3.44, DC112A prior to 1.0.0.42, DGN2200v4 prior to 1.0.0.110, DGND2200Bv4 prior to 1.0.0.109, DM200 prior to 1.0.0.61, EX3700 prior to 1.0.0.76, EX3800 prior to 1.0.0.76, EX6120 prior to 1.0.0.46, EX6130 prior to 1.0.0.28, EX7000 prior to 1.0.1.78, PR2000 prior to 1.0.0.28, R6220 prior to 1.1.0.100, R6230 prior to 1.1.0.100, R6250 prior to 1.0.4.34, R6300v2 prior to 1.0.4.34, R6400 prior to 1.0.1.46, R6400v2 prior to 1.0.2.66, R6700 prior to 1.0.2.6, R6700v3 prior to 1.0.2.66, R6900 prior to 1.0.2.6, R7000 prior to 1.0.9.34, R7100LG prior to 1.0.0.50, R7500v2 prior to 1.0.3.40, R7900P prior to 1.4.1.50, R8000P prior to 1.4.1.50, R8900 prior to 1.0.4.12, R9000 prior to 1.0.4.12, RBK20 prior to 2.3.0.28, RBK40 prior to 2.3.0.28, RBK50 prior to 2.3.0.32, RBR20 prior to 2.3.0.28, RBR40 prior to 2.3.0.28, RBR50 prior to 2.3.0.32, RBS20 prior to 2.3.0.28, RBS40 prior to 2.3.0.28, RBS50 prior to 2.3.0.32, WN3000RPv2 prior to 1.0.0.78, WNDR3400v3 prior to 1.0.1.24, WNR2000v5 prior to 1.0.0.70, WNR2020 prior to 1.1.0.62, WNR3500Lv2 prior to 1.2.0.62, XR450 prior to 2.3.2.56, and XR500 prior to 2.3.2.56

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R8000 before 1.0.4.62, XR300 before 1.0.3.56, R7000P before 1.3.2.132, R8500 before 1.0.2.144, R6900P before 1.3.2.132, and R8300 before 1.0.2.144. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D7000v2 prior to 1.0.0.66, D8500 prior to 1.0.3.58, R7000 prior to 1.0.11.110, R7100LG prior to 1.0.0.72, R7900 prior to 1.0.4.30, R8000 prior to 1.0.4.62, XR300 prior to 1.0.3.56, R7000P prior to 1.3.2.132, R8500 prior to 1.0.2.144, R6900P prior to 1.3.2.132, and R8300 prior to 1.0.2.144

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7. This affects EX6100v2 prior to 1.0.1.106, EX6150v2 prior to 1.0.1.106, EX6250 prior to 1.0.0.146, EX6400 prior to 1.0.2.164, EX6400v2 prior to 1.0.0.146, EX6410 prior to 1.0.0.146, EX6420 prior to 1.0.0.146, EX7300 prior to 1.0.2.164, EX7300v2 prior to 1.0.0.146, EX7320 prior to 1.0.0.146, EX7700 prior to 1.0.0.222, LBR1020 prior to 2.6.5.16, LBR20 prior to 2.6.5.2, RBK352 prior to 4.3.4.7, RBK50 prior to 2.7.3.22, RBR350 prior to 4.3.4.7, RBR50 prior to 2.7.3.22, and RBS350 prior to 4.3.4.7

NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker. NETGEAR XR1000 A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The NETGEAR XR1000 is NETGEAR's first WiFi 6-capable gaming router, part of its "Nighthawk Pro Gaming" series. Detailed vulnerability details are currently unavailable

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read). plural MediaTek Microchips contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read). plural MediaTek Microchips contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 Affected Software Versions 7.4.0.0; Out-of-bounds read). plural MediaTek Microchips contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). plural MediaTek Microchips have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). plural MediaTek Microchips have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). plural MediaTek Microchips have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read). plural MediaTek Microchips contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). plural MediaTek Microchips have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6260 before 1.1.0.76, R6800 before 1.2.0.62, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, and AC2600 before 1.2.0.62. plural NETGEAR The device contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects R6260 prior to 1.1.0.76, R6800 prior to 1.2.0.62, R6700v2 prior to 1.2.0.62, R6900v2 prior to 1.2.0.62, R7450 prior to 1.2.0.62, AC2100 prior to 1.2.0.62, AC2400 prior to 1.2.0.62, and AC2600 prior to 1.2.0.62

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, and RBS850 prior to 3.2.16.6

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, and RBS850 prior to 3.2.16.6

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, and RBS850 prior to 3.2.16.6

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, and RBS850 prior to 3.2.16.6