VARIoT IoT vulnerabilities database
| VAR-202112-2211 | CVE-2021-45510 | NETGEAR XR1000 Vulnerabilities in devices |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass. NETGEAR XR1000 There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The NETGEAR XR1000 is NETGEAR's first WiFi 6-capable gaming router, part of its "Nighthawk Pro Gaming" series
| VAR-202112-2204 | CVE-2021-45517 | NETGEAR XR1000 Vulnerabilities in devices |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. NETGEAR XR1000 There is an unspecified vulnerability in the device.Service operation interruption (DoS) It may be in a state
| VAR-202112-2203 | CVE-2021-45518 | NETGEAR XR1000 Vulnerabilities in devices |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. NETGEAR XR1000 There is an unspecified vulnerability in the device.Service operation interruption (DoS) It may be in a state
| VAR-202112-2202 | CVE-2021-45519 | NETGEAR XR1000 Vulnerabilities in devices |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. NETGEAR XR1000 There is an unspecified vulnerability in the device.Service operation interruption (DoS) It may be in a state
| VAR-202112-2295 | CVE-2021-45654 | NETGEAR XR1000 Device information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information
| VAR-202112-2208 | CVE-2021-45513 | NETGEAR XR1000 Command injection vulnerability in device |
CVSS V2: 5.8 CVSS V3: 9.6 Severity: CRITICAL |
NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker. NETGEAR XR1000 A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-2207 | CVE-2021-45514 | NETGEAR XR1000 Command injection vulnerability in device |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker. NETGEAR XR1000 A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The NETGEAR XR1000 is NETGEAR's first WiFi 6-capable gaming router, part of its "Nighthawk Pro Gaming" series. Detailed vulnerability details are currently unavailable
| VAR-202112-2248 | CVE-2021-32467 | plural MediaTek Out-of-Bounds Read Vulnerability in Microchips |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read). plural MediaTek Microchips contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202112-2247 | CVE-2021-32468 | plural MediaTek Out-of-Bounds Read Vulnerability in Microchips |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read). plural MediaTek Microchips contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202112-2246 | CVE-2021-32469 | plural MediaTek Out-of-Bounds Read Vulnerability in Microchips |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 Affected Software Versions 7.4.0.0; Out-of-bounds read). plural MediaTek Microchips contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202112-2245 | CVE-2021-35055 | plural MediaTek Out-of-Bounds Write Vulnerability in Microchips |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). plural MediaTek Microchips have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-2244 | CVE-2021-37560 | plural MediaTek Out-of-Bounds Write Vulnerability in Microchips |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). plural MediaTek Microchips have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-2243 | CVE-2021-37561 | plural MediaTek Out-of-Bounds Write Vulnerability in Microchips |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). plural MediaTek Microchips have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-2242 | CVE-2021-37562 | plural MediaTek Out-of-Bounds Read Vulnerability in Microchips |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read). plural MediaTek Microchips contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202112-2241 | CVE-2021-37563 | plural MediaTek Out-of-Bounds Write Vulnerability in Microchips |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). plural MediaTek Microchips have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-2384 | CVE-2021-45564 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, and RBS850 prior to 3.2.16.6
| VAR-202112-2380 | CVE-2021-45568 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, and RBS850 prior to 3.2.16.6
| VAR-202112-2372 | CVE-2021-45576 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, and RBS850 prior to 3.2.16.6
| VAR-202112-2373 | CVE-2021-45575 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, and RBS850 prior to 3.2.16.6
| VAR-202112-2377 | CVE-2021-45571 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, and RBS850 prior to 3.2.16.6