VARIoT IoT vulnerabilities database


VAR-202010-0573 CVE-2020-26907 Command injection vulnerabilities in multiple NETGEAR devices
CVSS V2: 7.7
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. A command injection vulnerability exists in NETGEAR RBK852, RBR850, and RBS850 devices. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202010-0568 CVE-2020-26902 Command injection vulnerabilities in multiple NETGEAR devices
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. A command injection vulnerability exists in multiple NETGEAR devices. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202010-0917 CVE-2020-26927 Authentication vulnerability in multiple NETGEAR devices
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.66, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. An authentication vulnerability exists in multiple NETGEAR devices. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202010-0587 CVE-2020-26921 Vulnerabilities in multiple NETGEAR products
CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3. Multiple NETGEAR products contain unspecified vulnerabilities. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. The NETGEAR XS512EM and the other listed models are all NETGEAR products. The NETGEAR XS512EM is a switch, the NETGEAR XS724EM is a switch, and the NETGEAR GS810EMX is an Ethernet switch. NETGEAR GS110EMX versions before 1.0.1.7, GS810EMX versions before 1.7.1.3, XS512EM versions before 1.0.1.3, and XS724EM versions before 1.0.1.3 have security vulnerabilities caused by missing or insufficiently strong identity verification measures in network systems or products.
VAR-202010-0589 CVE-2020-26923 Cross-site scripting vulnerabilities in multiple NETGEAR products
CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. Multiple NETGEAR products contain a cross-site scripting vulnerability. Information may be obtained and information may be tampered with.
VAR-202010-0918 CVE-2020-26928 Authentication vulnerability in multiple NETGEAR devices
CVSS V2: 5.8
CVSS V3: 9.6
Severity: CRITICAL
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. An authentication vulnerability exists in multiple NETGEAR devices. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202010-0916 CVE-2020-26926 Authentication vulnerability in multiple NETGEAR devices
CVSS V2: 5.8
CVSS V3: 9.6
Severity: CRITICAL
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. An authentication vulnerability exists in multiple NETGEAR devices. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202010-0566 CVE-2020-26900 Insufficiently protected credentials vulnerability in multiple NETGEAR devices
CVSS V2: 3.3
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. Multiple NETGEAR devices contain a vulnerability related to insufficient protection of credentials. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202010-0921 CVE-2020-26931 Information leakage vulnerabilities in multiple NETGEAR devices
CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.
VAR-202010-0919 CVE-2020-26929 Command injection vulnerabilities in NETGEAR R6220 and R6230 devices
CVSS V2: 5.2
CVSS V3: 8.0
Severity: HIGH
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100. A command injection vulnerability exists in NETGEAR R6220 and R6230 devices. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202010-0588 CVE-2020-26922 Command injection vulnerabilities in multiple NETGEAR products
CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. Multiple NETGEAR products contain a command injection vulnerability. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202010-0586 CVE-2020-26920 Command injection vulnerabilities in multiple NETGEAR devices
CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.3.110, SRR60 before 2.5.3.110, and SRS60 before 2.5.3.110. A command injection vulnerability exists in NETGEAR SRK60, SRR60, and SRS60 devices. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. The NETGEAR SRK60 and the other listed models are all wireless routers from NETGEAR. NETGEAR SRK60 versions prior to 2.5.3.110, SRR60 versions prior to 2.5.3.110, and SRS60 versions prior to 2.5.3.110 have security vulnerabilities caused by missing or insufficiently strong identity verification measures in network systems or products. Attackers can use this vulnerability to bypass authentication.
VAR-202010-0582 CVE-2020-26916 Vulnerabilities in multiple NETGEAR devices
CVSS V2: 5.8
CVSS V3: 6.3
Severity: MEDIUM
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.50, and WNR2020 before 1.1.0.62. An unspecified vulnerability exists in multiple NETGEAR devices. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202010-0581 CVE-2020-26915 Cross-site scripting vulnerabilities in multiple NETGEAR devices
CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and information may be tampered with.
VAR-202010-0583 CVE-2020-26917 Cross-site scripting vulnerabilities in multiple NETGEAR devices
CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R8300 before 1.0.2.128, and R8500 before 1.0.2.128. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and information may be tampered with.
VAR-202010-0571 CVE-2020-26905 Insufficiently protected credentials vulnerability in multiple NETGEAR devices
CVSS V2: 3.3
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. Multiple NETGEAR devices contain a vulnerability related to insufficient protection of credentials. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202010-0569 CVE-2020-26903 Insufficiently protected credentials vulnerability in multiple NETGEAR devices
CVSS V2: 3.3
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. Multiple NETGEAR devices contain a vulnerability related to insufficient protection of credentials. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202010-0570 CVE-2020-26904 Insufficiently protected credentials vulnerability in multiple NETGEAR devices
CVSS V2: 3.3
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. Multiple NETGEAR devices contain a vulnerability related to insufficient protection of credentials. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202010-0575 CVE-2020-26909 Command injection vulnerabilities in NETGEAR D7800 and R7500v2 devices
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.58 and R7500v2 before 1.0.3.48. A command injection vulnerability exists in NETGEAR D7800 and R7500v2 devices. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202010-0591 CVE-2020-26925 Vulnerabilities in NETGEAR GS808E devices
CVSS V2: 2.1
CVSS V3: 3.2
Severity: LOW
NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service. An unspecified vulnerability exists in NETGEAR GS808E devices. The device may be put into a denial-of-service (DoS) state.