VARIoT IoT vulnerabilities database
| VAR-202112-2343 | CVE-2021-45606 | plural NETGEAR Out-of-bounds write vulnerabilities in devices |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400 before 1.0.1.70, R7000 before 1.0.11.126, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RS400 before 1.5.1.80, R6400v2 before 1.0.4.118, R7000P before 1.3.3.140, RAX80 before 1.0.4.120, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, and RAX75 before 1.0.4.120. plural NETGEAR The device contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects R6400 prior to 1.0.1.70, R7000 prior to 1.0.11.126, R7900 prior to 1.0.4.46, R7900P prior to 1.4.2.84, R7960P prior to 1.4.2.84, R8000 prior to 1.0.4.74, R8000P prior to 1.4.2.84, RAX200 prior to 1.0.4.120, RS400 prior to 1.5.1.80, R6400v2 prior to 1.0.4.118, R7000P prior to 1.3.3.140, RAX80 prior to 1.0.4.120, R6700v3 prior to 1.0.4.118, R6900P prior to 1.3.3.140, and RAX75 prior to 1.0.4.120
| VAR-202112-2358 | CVE-2021-45591 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, and RBS850 prior to 3.2.16.6
| VAR-202112-2219 | CVE-2021-45502 | plural NETGEAR Vulnerabilities in devices |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. plural NETGEAR There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects CBR750 prior to 4.6.3.6, RBK752 prior to 3.2.17.12, RBK752 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, RBS750 prior to 3.2.17.12, RBK852 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, and RBS850 prior to 3.2.17.12
| VAR-202112-2294 | CVE-2021-45655 | NETGEAR R6400 Device Injection Vulnerability |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection. NETGEAR R6400 The device has an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The NETGEAR R6400 is a wireless router from NETGEAR. No detailed vulnerability details are currently available
| VAR-202112-2325 | CVE-2021-45624 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R8000 before 1.0.4.62, XR300 before 1.0.3.56, R7000P before 1.3.2.132, R8500 before 1.0.2.144, R6900P before 1.3.2.132, and R8300 before 1.0.2.144. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D7000v2 prior to 1.0.0.66, D8500 prior to 1.0.3.58, R7000 prior to 1.0.11.110, R7100LG prior to 1.0.0.72, R7900 prior to 1.0.4.30, R8000 prior to 1.0.4.62, XR300 prior to 1.0.3.56, R7000P prior to 1.3.2.132, R8500 prior to 1.0.2.144, R6900P prior to 1.3.2.132, and R8300 prior to 1.0.2.144
| VAR-202112-2334 | CVE-2021-45615 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects CBR40 prior to 2.5.0.24, CBR750 prior to 4.6.3.6, R7900P prior to 1.4.2.84, R7960P prior to 1.4.2.84, R8000P prior to 1.4.2.84, R8300 prior to 1.0.2.154, R8500 prior to 1.0.2.154, RBK752 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, RBS750 prior to 3.2.17.12, RBK852 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, and RBS850 prior to 3.2.17.12
| VAR-202112-2341 | CVE-2021-45608 | plural NETGEAR Integer overflow vulnerability in devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface (TCP port 20005) cannot be ruled out; however, exploitability was judged to be of "rather significant complexity" but not "impossible." The overflow is in SoftwareBus_dispatchNormalEPMsgOut in the KCodes NetUSB kernel module. Affected NETGEAR devices are D7800 before 1.0.1.68, R6400v2 before 1.0.4.122, and R6700v3 before 1.0.4.122. NETGEAR D7800 , R6400v2 , R6700v3 Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-2412 | CVE-2021-45536 | plural NETGEAR Command Injection Vulnerability in Command Injection Vulnerability in Devices |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. (DoS) It may be in a state. This affects RAX75 prior to 1.0.3.106, RAX80 prior to 1.0.3.106, RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, and RBS850 prior to 3.2.16.6
| VAR-202112-2422 | CVE-2021-45526 | plural NETGEAR Classic buffer overflow vulnerability in device |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects EX6000 before 1.0.0.38, EX6120 before 1.0.0.48, EX6130 before 1.0.0.30, R6300v2 before 1.0.4.52, R6400 before 1.0.1.52, R7000 before 1.0.11.126, R7900 before 1.0.4.30, R8000 before 1.0.4.52, R7000P before 1.3.2.124, R8000P before 1.4.1.50, RAX80 before 1.0.3.88, R6900P before 1.3.2.124, R7900P before 1.4.1.50, and RAX75 before 1.0.3.88. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects EX6000 prior to 1.0.0.38, EX6120 prior to 1.0.0.48, EX6130 prior to 1.0.0.30, R6300v2 prior to 1.0.4.52, R6400 prior to 1.0.1.52, R7000 prior to 1.0.11.126, R7900 prior to 1.0.4.30, R8000 prior to 1.0.4.52, R7000P prior to 1.3.2.124, R8000P prior to 1.4.1.50, RAX80 prior to 1.0.3.88, R6900P prior to 1.3.2.124, R7900P prior to 1.4.1.50, and RAX75 prior to 1.0.3.88
| VAR-202112-2312 | CVE-2021-45637 | plural NETGEAR Out-of-bounds write vulnerabilities in devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6260 before 1.1.0.76, R6800 before 1.2.0.62, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, and AC2600 before 1.2.0.62. plural NETGEAR The device contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects R6260 prior to 1.1.0.76, R6800 prior to 1.2.0.62, R6700v2 prior to 1.2.0.62, R6900v2 prior to 1.2.0.62, R7450 prior to 1.2.0.62, AC2100 prior to 1.2.0.62, AC2400 prior to 1.2.0.62, and AC2600 prior to 1.2.0.62
| VAR-202112-2402 | CVE-2021-45546 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, and RBS850 before 3.2.17.12. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects R7850 prior to 1.0.5.74, R7900P prior to 1.4.2.84, R7960P prior to 1.4.2.84, R8000 prior to 1.0.4.74, R8000P prior to 1.4.2.84, RAX200 prior to 1.0.4.120, RAX75 prior to 1.0.4.120, RAX80 prior to 1.0.4.120, RBK752 prior to 3.2.17.12, RBK852 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, RBS750 prior to 3.2.17.12, and RBS850 prior to 3.2.17.12
| VAR-202112-2313 | CVE-2021-45636 | NETGEAR D7000 Out-of-bounds write vulnerabilities in devices |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
NETGEAR D7000 devices before 1.0.1.82 are affected by a stack-based buffer overflow by an unauthenticated attacker. NETGEAR D7000 The device contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Netgear NETGEAR D7000 is a wireless modem from Netgear
| VAR-202112-2286 | CVE-2021-45663 | NETGEAR R7000 Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. NETGEAR R7000 A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with
| VAR-202112-2401 | CVE-2021-45547 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, and RBS850 before 3.2.17.12. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects R7850 prior to 1.0.5.74, R7900P prior to 1.4.2.84, R7960P prior to 1.4.2.84, R8000 prior to 1.0.4.74, R8000P prior to 1.4.2.84, RAX200 prior to 1.0.4.120, RAX75 prior to 1.0.4.120, RAX80 prior to 1.0.4.120, RBK752 prior to 3.2.17.12, RBK852 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, RBS750 prior to 3.2.17.12, and RBS850 prior to 3.2.17.12
| VAR-202112-2331 | CVE-2021-45618 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D7800 prior to 1.0.1.64, EX6200v2 prior to 1.0.1.86, EX6250 prior to 1.0.0.134, EX7700 prior to 1.0.0.216, EX8000 prior to 1.0.1.232, LBR20 prior to 2.6.3.50, R7800 prior to 1.0.2.80, R8900 prior to 1.0.5.26, R9000 prior to 1.0.5.26, RAX120 prior to 1.2.0.16, RBS50Y prior to 1.0.0.56, WNR2000v5 prior to 1.0.0.76, XR450 prior to 2.3.2.114, XR500 prior to 2.3.2.114, XR700 prior to 1.0.1.36, EX6150v2 prior to 1.0.1.98, EX7300 prior to 1.0.2.158, EX7320 prior to 1.0.0.134, EX6100v2 prior to 1.0.1.98, EX6400 prior to 1.0.2.158, EX7300v2 prior to 1.0.0.134, EX6410 prior to 1.0.0.134, RBR10 prior to 2.6.1.44, RBR20 prior to 2.6.2.104, RBR40 prior to 2.6.2.104, RBR50 prior to 2.7.2.102, EX6420 prior to 1.0.0.134, RBS10 prior to 2.6.1.44, RBS20 prior to 2.6.2.104, RBS40 prior to 2.6.2.104, RBS50 prior to 2.7.2.102, EX6400v2 prior to 1.0.0.134, RBK12 prior to 2.6.1.44, RBK20 prior to 2.6.2.104, RBK40 prior to 2.6.2.104, and RBK50 prior to 2.7.2.102
| VAR-202112-2198 | CVE-2021-45523 | NETGEAR R7000 Classic buffer overflow vulnerability in device |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user. NETGEAR R7000 A classic buffer overflow vulnerability exists on the device.Service operation interruption (DoS) It may be in a state. Netgear NETGEAR R7000 is a wireless router from Netgear. Attackers can exploit this vulnerability to perform buffer overflow attacks
| VAR-202112-2287 | CVE-2021-45662 | NETGEAR R7000 Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
NETGEAR R7000 devices before 1.0.9.88 are affected by stored XSS. NETGEAR R7000 A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with
| VAR-202112-2285 | CVE-2021-45664 | NETGEAR R7000 Cross-site scripting vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. NETGEAR R7000 A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with
| VAR-202112-2354 | CVE-2021-45595 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects LBR20 prior to 2.6.3.50, RBS50Y prior to 2.7.3.22, RBR10 prior to 2.7.3.22, RBR20 prior to 2.7.3.22, RBR40 prior to 2.7.3.22, RBR50 prior to 2.7.3.22, RBS10 prior to 2.7.3.22, RBS20 prior to 2.7.3.22, RBS40 prior to 2.7.3.22, RBS50 prior to 2.7.3.22, RBK12 prior to 2.7.3.22, RBK20 prior to 2.7.3.22, RBK40 prior to 2.7.3.22, and RBK50 prior to 2.7.3.22
| VAR-202112-2314 | CVE-2021-45635 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects CBR750 prior to 4.6.3.6, RBK752 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, RBS750 prior to 3.2.17.12, RBK852 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, and RBS850 prior to 3.2.17.12