VARIoT IoT vulnerabilities database
| VAR-202112-2367 | CVE-2021-45581 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects RBK752 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, and RBS850 prior to 3.2.16.6
| VAR-202112-2323 | CVE-2021-45626 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK20 before 2.6.1.36, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, and RBS50Y before 2.6.1.40. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects RBK20 prior to 2.6.1.36, RBR20 prior to 2.6.1.36, RBS20 prior to 2.6.1.38, RBK40 prior to 2.6.1.36, RBR40 prior to 2.6.1.36, RBS40 prior to 2.6.1.38, RBK50 prior to 2.6.1.40, RBR50 prior to 2.6.1.40, RBS50 prior to 2.6.1.40, and RBS50Y prior to 2.6.1.40
| VAR-202112-2314 | CVE-2021-45635 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects CBR750 prior to 4.6.3.6, RBK752 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, RBS750 prior to 3.2.17.12, RBK852 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, and RBS850 prior to 3.2.17.12
| VAR-202112-2291 | CVE-2021-45658 | plural NETGEAR Device Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6100v2 before 1.0.1.86, EX6200v2 before 1.0.1.78, EX6250 before 1.0.0.110, EX6410 before 1.0.0.110, EX6420 before 1.0.0.110, EX6400v2 before 1.0.0.110, EX7300 before 1.0.2.144, EX6400 before 1.0.2.144, EX7320 before 1.0.0.110, EX7300v2 before 1.0.0.110, R7500v2 before 1.0.3.48, R7800 before 1.0.2.68, R8900 before 1.0.5.2, R9000 before 1.0.5.2, RAX120 before 1.0.1.90, RBK40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, RBS50Y before 2.6.1.40, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.80, WNR2000v5 before 1.0.0.72, XR500 before 2.3.2.56, and XR700 before 1.0.1.20. plural NETGEAR The device has an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects D7800 prior to 1.0.1.58, DM200 prior to 1.0.0.66, EX2700 prior to 1.0.1.56, EX6150v2 prior to 1.0.1.86, EX6100v2 prior to 1.0.1.86, EX6200v2 prior to 1.0.1.78, EX6250 prior to 1.0.0.110, EX6410 prior to 1.0.0.110, EX6420 prior to 1.0.0.110, EX6400v2 prior to 1.0.0.110, EX7300 prior to 1.0.2.144, EX6400 prior to 1.0.2.144, EX7320 prior to 1.0.0.110, EX7300v2 prior to 1.0.0.110, R7500v2 prior to 1.0.3.48, R7800 prior to 1.0.2.68, R8900 prior to 1.0.5.2, R9000 prior to 1.0.5.2, RAX120 prior to 1.0.1.90, RBK40 prior to 2.5.1.16, RBK20 prior to 2.5.1.16, RBR20 prior to 2.5.1.16, RBS20 prior to 2.5.1.16, RBK50 prior to 2.5.1.16, RBR50 prior to 2.5.1.16, RBS50 prior to 2.5.1.16, RBS50Y prior to 2.6.1.40, WN3000RPv2 prior to 1.0.0.78, WN3000RPv3 prior to 1.0.2.80, WNR2000v5 prior to 1.0.0.72, XR500 prior to 2.3.2.56, and XR700 prior to 1.0.1.20
| VAR-202112-2211 | CVE-2021-45510 | NETGEAR XR1000 Vulnerabilities in devices |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass. NETGEAR XR1000 There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The NETGEAR XR1000 is NETGEAR's first WiFi 6-capable gaming router, part of its "Nighthawk Pro Gaming" series
| VAR-202112-2204 | CVE-2021-45517 | NETGEAR XR1000 Vulnerabilities in devices |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. NETGEAR XR1000 There is an unspecified vulnerability in the device.Service operation interruption (DoS) It may be in a state
| VAR-202112-2203 | CVE-2021-45518 | NETGEAR XR1000 Vulnerabilities in devices |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. NETGEAR XR1000 There is an unspecified vulnerability in the device.Service operation interruption (DoS) It may be in a state
| VAR-202112-2202 | CVE-2021-45519 | NETGEAR XR1000 Vulnerabilities in devices |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. NETGEAR XR1000 There is an unspecified vulnerability in the device.Service operation interruption (DoS) It may be in a state
| VAR-202112-2295 | CVE-2021-45654 | NETGEAR XR1000 Device information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information
| VAR-202112-2208 | CVE-2021-45513 | NETGEAR XR1000 Command injection vulnerability in device |
CVSS V2: 5.8 CVSS V3: 9.6 Severity: CRITICAL |
NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker. NETGEAR XR1000 A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-2207 | CVE-2021-45514 | NETGEAR XR1000 Command injection vulnerability in device |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker. NETGEAR XR1000 A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The NETGEAR XR1000 is NETGEAR's first WiFi 6-capable gaming router, part of its "Nighthawk Pro Gaming" series. Detailed vulnerability details are currently unavailable
| VAR-202112-2248 | CVE-2021-32467 | plural MediaTek Out-of-Bounds Read Vulnerability in Microchips |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read). plural MediaTek Microchips contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202112-2247 | CVE-2021-32468 | plural MediaTek Out-of-Bounds Read Vulnerability in Microchips |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read). plural MediaTek Microchips contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202112-2246 | CVE-2021-32469 | plural MediaTek Out-of-Bounds Read Vulnerability in Microchips |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 Affected Software Versions 7.4.0.0; Out-of-bounds read). plural MediaTek Microchips contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202112-2245 | CVE-2021-35055 | plural MediaTek Out-of-Bounds Write Vulnerability in Microchips |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). plural MediaTek Microchips have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-2244 | CVE-2021-37560 | plural MediaTek Out-of-Bounds Write Vulnerability in Microchips |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). plural MediaTek Microchips have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-2243 | CVE-2021-37561 | plural MediaTek Out-of-Bounds Write Vulnerability in Microchips |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). plural MediaTek Microchips have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-2242 | CVE-2021-37562 | plural MediaTek Out-of-Bounds Read Vulnerability in Microchips |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read). plural MediaTek Microchips contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202112-2241 | CVE-2021-37563 | plural MediaTek Out-of-Bounds Write Vulnerability in Microchips |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). plural MediaTek Microchips have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-2391 | CVE-2021-45557 | plural NETGEAR Command injection vulnerability in device |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TUP before 1.0.5.3, GS710TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS724TPP before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS750E before 1.0.1.10, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects GC108P prior to 1.0.8.2, GC108PP prior to 1.0.8.2, GS108Tv3 prior to 7.0.7.2, GS110TPv3 prior to 7.0.7.2, GS110TPP prior to 7.0.7.2, GS110TUP prior to 1.0.5.3, GS710TUP prior to 1.0.5.3, GS308T prior to 1.0.3.2, GS310TP prior to 1.0.3.2, GS710TUP prior to 1.0.5.3, GS716TP prior to 1.0.4.2, GS716TPP prior to 1.0.4.2, GS724TPP prior to 2.0.6.3, GS724TPv2 prior to 2.0.6.3, GS724TPP prior to 2.0.6.3, GS728TPPv2 prior to 6.0.8.2, GS728TPv2 prior to 6.0.8.2, GS752TPv2 prior to 6.0.8.2, GS752TPP prior to 6.0.8.2, GS750E prior to 1.0.1.10, MS510TXM prior to 1.0.4.2, and MS510TXUP prior to 1.0.4.2