VARIoT IoT vulnerabilities database
| VAR-202004-1461 | CVE-2017-18701 | NETGEAR R6700 and R6900 cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Certain NETGEAR devices are affected by reflected XSS. This affects R6700 before 1.0.1.36 and R6900 before 1.0.1.34. NETGEAR R6700 and R6900 A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR R6700 and NETGEAR R6900 are both wireless routers of NETGEAR. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code. This affects R6700 prior to 1.0.1.36 and R6900 prior to 1.0.1.34
| VAR-202004-1414 | CVE-2017-18731 | plural NETGEAR Vulnerabilities in devices |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, and WNR2000v5 before 1.0.0.58. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800 is a wireless router of NETGEAR.
There are security vulnerabilities in many NETGEAR products. The vulnerabilities stem from misconfiguration of security settings. There is currently no detailed vulnerability details provided. This affects R6100 prior to 1.0.1.16, R7500 prior to 1.0.0.112, R7500v2 prior to 1.0.3.20, R7800 prior to 1.0.2.36, and WNR2000v5 prior to 1.0.0.58
| VAR-202004-1471 | CVE-2017-18711 | plural NETGEAR Vulnerabilities in devices |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6400, etc. are all products of NETGEAR. NETGEAR R6400 is a wireless router. NETGEAR R6700 is a wireless router. NETGEAR D7800 is a wireless modem. No detailed vulnerability details are currently provided. This affects D7800 prior to 1.0.1.28, R6400 prior to 1.01.32, R6400v2 prior to 1.0.2.44, R6700 prior to 1.0.1.36, R6900 prior to 1.0.1.34, R6900P prior to 1.3.0.8, R7000 prior to 1.0.9.14, R7000P prior to 1.3.0.8, R7500v2 prior to 1.0.3.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR4300v2 prior to 1.0.0.48, and WNDR4500v3 prior to 1.0.0.48
| VAR-202004-1413 | CVE-2017-18730 | plural NETGEAR Out-of-bounds write vulnerabilities in devices |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6120 before 1.0.0.36, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700, etc. are all products of NETGEAR. NETGEAR R6700 is a wireless router. NETGEAR D6200 is a wireless modem. NETGEAR R6800 is a wireless router. The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects D6200 prior to 1.1.00.24, R6020 prior to 1.0.0.30, R6080 prior to 1.0.0.30, R6120 prior to 1.0.0.36, R6700v2 prior to 1.1.0.42, R6800 prior to 1.1.0.42, and R6900v2 prior to 1.1.0.42
| VAR-202004-1685 | CVE-2018-21227 | plural NETGEAR Injection vulnerabilities in devices |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R6400v2 before 1.0.2.34, R6700 before 1.0.1.30, R6900 before 1.0.1.30, R6900P before 1.0.0.62, R7000 before 1.0.9.12, R7000P before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6400, etc. are all products of NETGEAR. NETGEAR R6400 is a wireless router. NETGEAR R6700 is a wireless router. NETGEAR D7800 is a wireless modem.
Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided. This affects D7800 prior to 1.0.1.34, R6400v2 prior to 1.0.2.34, R6700 prior to 1.0.1.30, R6900 prior to 1.0.1.30, R6900P prior to 1.0.0.62, R7000 prior to 1.0.9.12, R7000P prior to 1.0.0.62, R7500v2 prior to 1.0.3.26, R7800 prior to 1.0.2.42, R9000 prior to 1.0.3.10, WNDR4300v2 prior to 1.0.0.50, and WNDR4500v3 prior to 1.0.0.50
| VAR-202004-1483 | CVE-2017-18723 | plural NETGEAR Out-of-bounds write vulnerabilities in devices |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700, etc. are all products of NETGEAR. NETGEAR R6700 is a wireless router. NETGEAR D6200 is a wireless modem. NETGEAR R6800 is a wireless router. This affects D6200 prior to 1.1.00.24, R6700v2 prior to 1.1.0.42, R6800 prior to 1.1.0.42, and R6900v2 prior to 1.1.0.42
| VAR-202004-1463 | CVE-2017-18703 | plural NETGEAR Cross-site request forgery vulnerability in device |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR EX6150, etc. are all products of NETGEAR. NETGEAR EX6150 is a wireless network signal extender. NETGEAR D7000 is a wireless modem. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send an unexpected request to the server through the affected client. This affects D1500 prior to 1.0.0.25, D500 prior to 1.0.0.25, D6100 prior to 1.0.0.55, D7000 prior to 1.0.1.50, D7800 prior to 1.0.1.28, EX6100v2 prior to 1.0.1.60, EX6150v2 prior to 1.0.1.60, JNR1010v2 prior to 1.1.0.46, JR6150 prior to 1.0.1.16, JWNR2010v5 prior to 1.1.0.46, PR2000 prior to 1.0.0.18, R6020 prior to 1.0.0.26, R6050 prior to 1.0.1.16, R6080 prior to 1.0.0.26, R6100 prior to 1.0.1.20, R6220 prior to 1.1.0.60, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WN3000RPv3 prior to 1.0.2.50, WN3100RPv2 prior to 1.0.0.40, WNDR3700v5 prior to 1.1.0.48, WNDR4300v2 prior to 1.0.0.48, WNDR4500v3 prior to 1.0.0.48, WNR1000v4 prior to 1.1.0.46, WNR2000v5 prior to 1.0.0.62, WNR2020 prior to 1.1.0.46, and WNR2050 prior to 1.1.0.46
| VAR-202004-1477 | CVE-2017-18717 | plural NETGEAR Out-of-bounds write vulnerabilities in devices |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700, etc. are all products of NETGEAR. NETGEAR R6700 is a wireless router. NETGEAR D6200 is a wireless modem. NETGEAR R6800 is a wireless router. This affects D6200 prior to 1.1.00.24, R6700v2 prior to 1.1.0.42, R6800 prior to 1.1.0.42, and R6900v2 prior to 1.1.0.42
| VAR-202004-1457 | CVE-2017-18697 | NETGEAR R7800 and R9000 Out-of-bounds write vulnerabilities in devices |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40 and R9000 before 1.0.2.52. NETGEAR R7800 and R9000 The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000 and NETGEAR R7800 are both wireless routers of NETGEAR.
NETGEAR R7800 versions prior to 1.0.2.40 and R9000 versions prior to 1.0.2.52 have buffer overflow vulnerabilities, which can be exploited by attackers to cause buffer overflows or heap overflows. This affects R7800 prior to 1.0.2.40 and R9000 prior to 1.0.2.52
| VAR-202004-1479 | CVE-2017-18719 | plural NETGEAR Out-of-bounds write vulnerabilities in devices |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.1.00.26, R6080 before 1.1.00.26; R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700, etc. are all products of NETGEAR. NETGEAR R6700 is a wireless router. NETGEAR D6200 is a wireless modem. NETGEAR R6800 is a wireless router. This affects D6200 prior to 1.1.00.24, R6020 prior to 1.1.00.26, R6080 prior to 1.1.00.26; R6700v2 prior to 1.1.0.42, R6800 prior to 1.1.0.42, and R6900v2 prior to 1.1.0.42
| VAR-202004-1464 | CVE-2017-18704 | plural NETGEAR Information leakage vulnerabilities in devices |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R6900P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8500 before 1.0.2.106, R8300 before 1.0.2.106, and WNDR3400v3 before 1.0.1.16. plural NETGEAR The device contains a vulnerability related to information leakage.Information may be obtained. NETGEAR R6400, etc. are all products of NETGEAR. NETGEAR R6400 is a wireless router. NETGEAR D6220 is a wireless modem. NETGEAR R6900 is a wireless router. This affects D6220 prior to 1.0.0.32, D6400 prior to 1.0.0.60, D8500 prior to 1.0.3.29, R6250 prior to 1.0.4.16, R6300v2 prior to 1.0.4.18, R6400 prior to 1.01.32, R6400v2 prior to 1.0.2.44, R6700 prior to 1.0.1.36, R6900 prior to 1.0.1.34, R7000 prior to 1.0.9.14, R7000P prior to 1.3.0.8, R6900P prior to 1.3.0.8, R7100LG prior to 1.0.0.34, R7300DST prior to 1.0.0.56, R7900 prior to 1.0.1.26, R8000 prior to 1.0.4.4, R8500 prior to 1.0.2.106, R8300 prior to 1.0.2.106, and WNDR3400v3 prior to 1.0.1.16
| VAR-202004-1462 | CVE-2017-18702 | NETGEAR R6220 Vulnerabilities in devices |
CVSS V2: 4.8 CVSS V3: 5.4 Severity: MEDIUM |
NETGEAR R6220 devices before 1.1.0.60 are affected by incorrect configuration of security settings. NETGEAR R6220 An unspecified vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR R6220 is a wireless router of NETGEAR.
There are security vulnerabilities in NETGEAR R6220 before 1.1.0.60. No detailed vulnerability details are currently available
| VAR-202004-1459 | CVE-2017-18699 | NETGEAR R7800 and R9000 Out-of-bounds write vulnerabilities in devices |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40 and R9000 before 1.0.2.52. NETGEAR R7800 and R9000 The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000 and NETGEAR R7800 are both wireless routers of NETGEAR.
NETGEAR R7800 versions prior to 1.0.2.40 and R9000 versions prior to 1.0.2.52 have buffer overflow vulnerabilities, which can be exploited by attackers to cause buffer overflows or heap overflows. This affects R7800 prior to 1.0.2.40 and R9000 prior to 1.0.2.52
| VAR-202004-1476 | CVE-2017-18716 | plural NETGEAR Out-of-bounds write vulnerabilities in devices |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700, etc. are all products of NETGEAR. NETGEAR R6700 is a wireless router. NETGEAR D6200 is a wireless modem. NETGEAR R6800 is a wireless router. This affects D6200 prior to 1.1.00.24, R6700v2 prior to 1.1.0.42, R6800 prior to 1.1.0.42, and R6900v2 prior to 1.1.0.42
| VAR-202004-1480 | CVE-2017-18720 | plural NETGEAR Authentication vulnerabilities in devices |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700, etc. are all products of NETGEAR. NETGEAR R6700 is a wireless router. NETGEAR D6200 is a wireless modem. NETGEAR R6800 is a wireless router. This affects D6200 prior to 1.1.00.24, R6700v2 prior to 1.1.0.42, R6800 prior to 1.1.0.42, and R6900v2 prior to 1.1.0.42
| VAR-202004-1473 | CVE-2017-18713 | plural NETGEAR Information leakage vulnerabilities in devices |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48. plural NETGEAR The device contains a vulnerability related to information leakage.Information may be obtained. NETGEAR R6700, etc. are all products of NETGEAR. NETGEAR R6700 is a wireless router. NETGEAR D7800 is a wireless modem. NETGEAR R6900 is a wireless router.
There are security vulnerabilities in many NETGEAR products. This affects D7800 prior to 1.0.1.28, R6700 prior to 1.0.1.36, R6900 prior to 1.0.1.34, R7500v2 prior to 1.0.3.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR4300v2 prior to 1.0.0.48, and WNDR4500v3 prior to 1.0.0.48
| VAR-202004-1410 | CVE-2017-18727 | plural NETGEAR Out-of-bounds write vulnerabilities in devices |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700, etc. are all products of NETGEAR. NETGEAR R6700 is a wireless router. NETGEAR D6200 is a wireless modem. NETGEAR R6800 is a wireless router. This affects D6200 prior to 1.1.00.24, R6700v2 prior to 1.1.0.42, R6800 prior to 1.1.0.42, and R6900v2 prior to 1.1.0.42
| VAR-202004-1458 | CVE-2017-18698 | plural NETGEAR Out-of-bounds write vulnerabilities in devices |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6100 before 1.0.1.20, R7800 before 1.0.2.40, and R9000 before 1.0.2.52. NETGEAR R6100 , R7800 , R9000 The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000 is a wireless router of NETGEAR.
NETGEAR R6100 versions prior to 1.0.1.20, R7800 versions prior to 1.0.2.40 and R9000 versions prior to 1.0.2.52 have buffer overflow vulnerabilities, which can be exploited by attackers to cause buffer overflows or heap overflows. This affects R6100 prior to 1.0.1.20, R7800 prior to 1.0.2.40, and R9000 prior to 1.0.2.52
| VAR-202004-1470 | CVE-2017-18710 | NETGEAR R8300 and R8500 Information leakage vulnerabilities in devices |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: MEDIUM |
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R8300 before 1.0.2.106 and R8500 before 1.0.2.106. NETGEAR R8500 and NETGEAR R8300 are both a wireless router of NETGEAR.
There are security vulnerabilities in NETGEAR R8300 versions before 1.0.2.106 and R8500 versions before 1.0.2.106. This affects R8300 prior to 1.0.2.106 and R8500 prior to 1.0.2.106
| VAR-202004-1412 | CVE-2017-18729 | plural NETGEAR Out-of-bounds write vulnerabilities in devices |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6120 before 1.0.0.36, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6200, etc. are all products of NETGEAR. NETGEAR D6200 is a wireless modem. NETGEAR R6900 is a wireless router. NETGEAR R6800 is a wireless router. The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects D6200 prior to 1.1.00.24, R6020 prior to 1.0.0.30, R6080 prior to 1.0.0.30, R6120 prior to 1.0.0.36, R6700v2 prior to 1.1.0.42, R6800 prior to 1.1.0.42, and R6900v2 prior to 1.1.0.42