Vulnerabilites related to netgear - rax35
Vulnerability from fkie_nvd
Published
2021-08-11 00:16
Modified
2024-11-21 06:17
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | rax35_firmware | * | |
| netgear | rax35 | - | |
| netgear | rax38_firmware | * | |
| netgear | rax38 | - | |
| netgear | rax40_firmware | * | |
| netgear | rax40 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35818150-8A74-466E-8BAE-85843BAF892D", versionEndExcluding: "1.0.3.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*", matchCriteriaId: "4201E4D6-4DDF-4EF3-902A-960DFFF7C9A4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "78046B14-380D-4A14-842E-EB399718F329", versionEndExcluding: "1.0.3.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax38:-:*:*:*:*:*:*:*", matchCriteriaId: "BDA02FAE-E0C9-402F-9E7D-69EEDCC80053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E75474DC-F025-4CB5-9ABD-2FEB024283C0", versionEndExcluding: "1.0.3.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*", matchCriteriaId: "13D54346-4B03-4296-B050-04EB8CFCA732", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer por un atacante no autenticado. Esto afecta a RAX35 versiones anteriores a 1.0.3.94, RAX38 versiones anteriores a 1.0.3.94 y RAX40 versiones anteriores a 1.0.3.94", }, ], id: "CVE-2021-38526", lastModified: "2024-11-21T06:17:20.413", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-11T00:16:14.140", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000063782/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0416", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000063782/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0416", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-29 19:15
Modified
2024-11-21 06:56
Severity ?
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | lax20_firmware | * | |
| netgear | lax20 | - | |
| netgear | r6400_firmware | * | |
| netgear | r6400 | v2 | |
| netgear | r6700_firmware | * | |
| netgear | r6700 | v3 | |
| netgear | r7000_firmware | * | |
| netgear | r7000 | - | |
| netgear | r7850_firmware | * | |
| netgear | r7850 | - | |
| netgear | r7900p_firmware | * | |
| netgear | r7900p | - | |
| netgear | r7960p_firmware | * | |
| netgear | r7960p | - | |
| netgear | r8000_firmware | * | |
| netgear | r8000 | - | |
| netgear | r8000p_firmware | * | |
| netgear | r8000p | - | |
| netgear | r8500_firmware | * | |
| netgear | r8500 | - | |
| netgear | rax15_firmware | * | |
| netgear | rax15 | - | |
| netgear | rax20_firmware | * | |
| netgear | rax20 | - | |
| netgear | rax200_firmware | * | |
| netgear | rax200 | - | |
| netgear | rax35_firmware | * | |
| netgear | rax35 | v2 | |
| netgear | rax38_firmware | * | |
| netgear | rax38 | v2 | |
| netgear | rax40_firmware | * | |
| netgear | rax40 | v2 | |
| netgear | rax42_firmware | * | |
| netgear | rax42 | - | |
| netgear | rax43_firmware | * | |
| netgear | rax43 | - | |
| netgear | rax45_firmware | * | |
| netgear | rax45 | - | |
| netgear | rax48_firmware | * | |
| netgear | rax48 | - | |
| netgear | rax50_firmware | * | |
| netgear | rax50 | - | |
| netgear | rax50s_firmware | * | |
| netgear | rax50s | - | |
| netgear | rax75_firmware | * | |
| netgear | rax75 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BF0F2B55-DBD3-4762-92EA-A01D57277A9D", versionEndExcluding: "1.1.6.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*", matchCriteriaId: "491CEB8D-22F3-4F86-96F0-03C5C58BA295", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AFC79CFE-9036-472C-AB28-FF293BBE1780", versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "169E2D0D-7D18-4AF1-8683-346BD1069DC1", versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*", matchCriteriaId: "5A09A9E8-8C77-4EDB-9483-B3C540EF083A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5376DD03-0DDD-4B0C-A185-EC226515B32A", versionEndExcluding: "1.0.11.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8EA99A24-E836-40F4-BF61-C4489E3713F0", versionEndExcluding: "1.0.5.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", matchCriteriaId: "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBD3DCC5-342C-4E66-8BFB-545C2D375A81", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D6A70D-66AF-4064-9F1B-4358D4B1F016", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", matchCriteriaId: "091CEDB5-0069-4253-86D8-B9FE17CB9F24", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72325BC2-C9AC-4B24-865E-662BDF05BD99", versionEndExcluding: "1.0.4.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "994D00CD-350B-4059-9C51-BF843C72B45E", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", matchCriteriaId: "F7EF872D-2537-4FEB-8799-499FC9D44339", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8EE6DCC3-C225-45A3-A6D0-52BA730EC285", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", matchCriteriaId: "63500DE4-BDBD-4F86-AB99-7DB084D0B912", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D60F61B-2487-46D7-8B93-4035147AA0AB", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*", matchCriteriaId: "B624B4D3-BCF4-4F95-B401-A88BEC3145A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35AE4A8C-19CF-44B0-83F1-F3386305B3E3", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*", matchCriteriaId: "7038703C-C79D-4DD4-8B16-E1A5FC6694C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C706F152-6163-4276-B608-C4AF196E070F", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", matchCriteriaId: "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CF8ED09D-C874-45EB-AD84-1DB0129C55EC", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*", matchCriteriaId: "972BB714-8869-42C6-95F6-2C15AFA65716", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "59C7B1AC-0329-48A9-87AD-596C0EC7B3C6", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*", matchCriteriaId: "8306FEBE-ED60-47F0-AB49-E629018D7C33", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "04DAEBC1-A1A3-4329-AD32-D41E6576A9DA", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*", matchCriteriaId: "DD5F8B3F-C0D0-496C-A235-A467EA578C28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "756EAEA3-3DC5-4F2F-8C92-29C12FCEAE2C", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*", matchCriteriaId: "D83182AB-E726-4371-B092-FA1920408FED", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "28B1B071-C0AD-46AA-8B3D-AF32D71E088C", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*", matchCriteriaId: "178BB386-F66C-4CE8-9283-37D22B304691", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "97147D06-DBE4-420F-AF06-604C74710080", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*", matchCriteriaId: "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6F540D5F-F4F5-47B1-B76F-C18004395596", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*", matchCriteriaId: "09E50F2A-C46C-4875-84AB-04AA00BFA53F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E1737CE-683A-4A8D-9DDC-9BCF1822ABCF", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*", matchCriteriaId: "C430976E-24C0-4EA7-BF54-F9C188AB9C01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F282A9F3-E07C-44EB-A21A-462A3DEDAB39", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*", matchCriteriaId: "DBB69710-DA7E-4011-A61A-BA40462A041F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E301ACAC-E217-4329-8A32-83946E61999E", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", matchCriteriaId: "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.", }, ], id: "CVE-2022-27645", lastModified: "2024-11-21T06:56:05.333", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-29T19:15:08.637", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-522/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-522/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-697", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-29 19:15
Modified
2024-11-21 06:56
Severity ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:cax80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A7BD19F-A89B-4941-9422-E4FFBD76DBD2", versionEndExcluding: "2.1.3.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:cax80:-:*:*:*:*:*:*:*", matchCriteriaId: "673A83EA-E359-4629-8B20-5382C15260B2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BF0F2B55-DBD3-4762-92EA-A01D57277A9D", versionEndExcluding: "1.1.6.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*", matchCriteriaId: "491CEB8D-22F3-4F86-96F0-03C5C58BA295", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A72582A2-5A44-4ED5-8497-FCAB59A125BE", versionEndExcluding: "1.1.6.124", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*", matchCriteriaId: "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6DC64FD2-5D52-4BA2-8A5B-8AC11BE06243", versionEndExcluding: "1.1.6.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:*", matchCriteriaId: "2A086E76-3F23-4C21-AC96-F11372A8A186", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3F50C923-68DC-48EB-A41B-0D3F99B16E1F", versionEndExcluding: "1.1.6.124", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*", matchCriteriaId: "F003F064-591C-4D7C-9EC4-D0E553BC6683", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "95E44445-7F76-4CD6-91AC-CEBC46DFA587", versionEndExcluding: "1.1.6.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:*", matchCriteriaId: "DE1A0669-790A-4EE7-A0DC-6E1023D6B4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A41218DC-3A06-4582-A8B8-0320F76F3DFC", versionEndExcluding: "1.0.1.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*", matchCriteriaId: "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AFC79CFE-9036-472C-AB28-FF293BBE1780", versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "169E2D0D-7D18-4AF1-8683-346BD1069DC1", versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*", matchCriteriaId: "5A09A9E8-8C77-4EDB-9483-B3C540EF083A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E52E9373-C896-405F-9CEC-2E8707B249F5", versionEndExcluding: "1.3.3.148", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5376DD03-0DDD-4B0C-A185-EC226515B32A", versionEndExcluding: "1.0.11.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9", versionEndExcluding: "1.3.3.148", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8EA99A24-E836-40F4-BF61-C4489E3713F0", versionEndExcluding: "1.0.5.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", matchCriteriaId: "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBD3DCC5-342C-4E66-8BFB-545C2D375A81", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D6A70D-66AF-4064-9F1B-4358D4B1F016", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", matchCriteriaId: "091CEDB5-0069-4253-86D8-B9FE17CB9F24", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72325BC2-C9AC-4B24-865E-662BDF05BD99", versionEndExcluding: "1.0.4.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "994D00CD-350B-4059-9C51-BF843C72B45E", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", matchCriteriaId: "F7EF872D-2537-4FEB-8799-499FC9D44339", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8EE6DCC3-C225-45A3-A6D0-52BA730EC285", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", matchCriteriaId: "63500DE4-BDBD-4F86-AB99-7DB084D0B912", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D60F61B-2487-46D7-8B93-4035147AA0AB", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*", matchCriteriaId: "B624B4D3-BCF4-4F95-B401-A88BEC3145A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35AE4A8C-19CF-44B0-83F1-F3386305B3E3", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*", matchCriteriaId: "7038703C-C79D-4DD4-8B16-E1A5FC6694C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C706F152-6163-4276-B608-C4AF196E070F", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", matchCriteriaId: "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CF8ED09D-C874-45EB-AD84-1DB0129C55EC", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*", matchCriteriaId: "972BB714-8869-42C6-95F6-2C15AFA65716", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "59C7B1AC-0329-48A9-87AD-596C0EC7B3C6", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*", matchCriteriaId: "8306FEBE-ED60-47F0-AB49-E629018D7C33", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "04DAEBC1-A1A3-4329-AD32-D41E6576A9DA", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*", matchCriteriaId: "DD5F8B3F-C0D0-496C-A235-A467EA578C28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "756EAEA3-3DC5-4F2F-8C92-29C12FCEAE2C", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*", matchCriteriaId: "D83182AB-E726-4371-B092-FA1920408FED", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "28B1B071-C0AD-46AA-8B3D-AF32D71E088C", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*", matchCriteriaId: "178BB386-F66C-4CE8-9283-37D22B304691", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "97147D06-DBE4-420F-AF06-604C74710080", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*", matchCriteriaId: "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6F540D5F-F4F5-47B1-B76F-C18004395596", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*", matchCriteriaId: "09E50F2A-C46C-4875-84AB-04AA00BFA53F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E1737CE-683A-4A8D-9DDC-9BCF1822ABCF", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*", matchCriteriaId: "C430976E-24C0-4EA7-BF54-F9C188AB9C01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F282A9F3-E07C-44EB-A21A-462A3DEDAB39", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*", matchCriteriaId: "DBB69710-DA7E-4011-A61A-BA40462A041F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E301ACAC-E217-4329-8A32-83946E61999E", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", matchCriteriaId: "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F8028906-D5AB-4CE6-8431-844E6F98B9AD", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*", matchCriteriaId: "06B5A85C-3588-4263-B9AD-4E56D3F6CB16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A", versionEndExcluding: "1.5.1.86", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*", matchCriteriaId: "2700644E-0940-4D05-B3CA-904D91739E58", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B98293B5-C804-4ED5-8344-12AA02E933CB", versionEndExcluding: "1.0.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", matchCriteriaId: "366FA778-3C2A-42AF-9141-DAD7043B406C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.", }, ], id: "CVE-2022-27647", lastModified: "2024-11-21T06:56:05.650", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-29T19:15:08.773", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-524/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-524/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "zdi-disclosures@trendmicro.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-30 08:15
Modified
2024-11-21 07:32
Severity ?
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | rax40_firmware | * | |
| netgear | rax40 | - | |
| netgear | rax35_firmware | * | |
| netgear | rax35 | - | |
| netgear | r6400v2_firmware | * | |
| netgear | r6400v2 | - | |
| netgear | r6700v3_firmware | * | |
| netgear | r6700v3 | - | |
| netgear | r6900p_firmware | * | |
| netgear | r6900p | - | |
| netgear | r7000p_firmware | * | |
| netgear | r7000p | - | |
| netgear | r7000_firmware | * | |
| netgear | r7000 | - | |
| netgear | r7960p_firmware | * | |
| netgear | r7960p | - | |
| netgear | r8000p_firmware | * | |
| netgear | r8000p | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B7F1E997-9077-4C40-9484-0D8318FC1D24", versionEndExcluding: "1.0.2.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*", matchCriteriaId: "13D54346-4B03-4296-B050-04EB8CFCA732", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "564A0F53-CF09-4465-9685-44DF43E738BA", versionEndExcluding: "1.0.2.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*", matchCriteriaId: "4201E4D6-4DDF-4EF3-902A-960DFFF7C9A4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4B7CB2A1-5875-48A1-90B7-9C906BD1B25D", versionEndExcluding: "1.0.4.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*", matchCriteriaId: "AFE6B3A8-0601-44EA-AD9B-3BDDE6654FDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9311417E-ACEB-4C05-A38B-72C1FA1834F2", versionEndExcluding: "1.0.4.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*", matchCriteriaId: "C88DA385-5FAE-49EC-80D6-78F81E7EEC16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BBBA3274-E99E-4E05-8EAB-A19F160B7F6E", versionEndExcluding: "1.3.3.152", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DAD44722-516C-4368-AB0D-32C65756D20D", versionEndExcluding: "1.3.3.152", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F831608B-72E4-46E0-BF46-25B9DDA925D1", versionEndExcluding: "1.0.11.136", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D74FE2AE-C547-42B9-B5D8-AEED555AC1FF", versionEndExcluding: "1.4.4.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", matchCriteriaId: "091CEDB5-0069-4253-86D8-B9FE17CB9F24", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3ED98495-0A36-4388-BE03-54EF943D92C0", versionEndExcluding: "1.4.4.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", matchCriteriaId: "F7EF872D-2537-4FEB-8799-499FC9D44339", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.", }, { lang: "es", value: "Ciertos dispositivos NETGEAR se ven afectados por un desbordamiento del búfer provocado por un atacante no autenticado. Esto afecta a RAX40 antes de 1.0.2.60, RAX35 antes de 1.0.2.60, R6400v2 antes de 1.0.4.122, R6700v3 antes de 1.0.4.122, R6900P antes de 1.3.3.152, R7000P antes de 1.3.3.152, R7000 antes de 1.0.11.13 6, R7960P anterior a 1.4.4.94, y R8000P antes de 1.4.4.94.", }, ], id: "CVE-2022-48196", lastModified: "2024-11-21T07:32:57.783", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-30T08:15:07.900", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-recently-fixed-wifi-router-bug/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-recently-fixed-wifi-router-bug/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-11 00:17
Modified
2024-11-21 06:17
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6200_firmware | * | |
| netgear | d6200 | - | |
| netgear | d7000_firmware | * | |
| netgear | d7000 | - | |
| netgear | r6020_firmware | * | |
| netgear | r6020 | - | |
| netgear | r6080_firmware | * | |
| netgear | r6080 | - | |
| netgear | r6120_firmware | * | |
| netgear | r6120 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6700_firmware | * | |
| netgear | r6700 | v2 | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6900_firmware | * | |
| netgear | r6900 | v2 | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r7200_firmware | * | |
| netgear | r7200 | - | |
| netgear | r7350_firmware | * | |
| netgear | r7350 | - | |
| netgear | r7400_firmware | * | |
| netgear | r7400 | - | |
| netgear | r7450_firmware | * | |
| netgear | r7450 | - | |
| netgear | ac2100_firmware | * | |
| netgear | ac2100 | - | |
| netgear | ac2400_firmware | * | |
| netgear | ac2400 | - | |
| netgear | ac2600_firmware | * | |
| netgear | ac2600 | - | |
| netgear | rax35_firmware | * | |
| netgear | rax35 | - | |
| netgear | rax40_firmware | * | |
| netgear | rax40 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "59BF957E-F3B6-41A5-A36C-8C0CF3B417D0", versionEndExcluding: "1.1.00.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*", matchCriteriaId: "00E6A1B7-4732-4259-9B71-10FF0B56A16B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C539CF50-2AC3-45F9-8F69-FA2F50FAD92D", versionEndExcluding: "1.0.1.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AF04B65B-9685-4595-9C71-0F77AD7109BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6EC58A4B-E061-49ED-BB2D-E0497846DBEE", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*", matchCriteriaId: "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AF9D1B97-7FF8-45D9-BFD6-72554BBB6008", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*", matchCriteriaId: "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BC964EED-3452-4D6F-8603-0A28988282FA", versionEndExcluding: "1.0.0.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*", matchCriteriaId: "D18D2CCD-424F-41D5-919B-E22B9FA68D36", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33824B9B-1224-484A-AFF4-953573F299C6", versionEndExcluding: "1.1.0.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*", matchCriteriaId: "3C395D49-57F9-4BC1-8619-57127355B86B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E0FCF958-2F6A-4B79-B307-2FE23B7CE8FC", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*", matchCriteriaId: "9F9706E6-CA53-43E4-91B0-D52655C86860", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EA434604-4916-4830-A96B-CEC0C8E5A1A0", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*", matchCriteriaId: "09404083-B00B-4C1F-8085-BC242E625CA3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9E9457F1-F5E8-43CA-8697-3849E140B0CC", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E8EB69B-6619-47B6-A073-D0B840D4EB0B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "612DAD20-761D-41D5-A6AB-AA9975847D34", versionEndExcluding: "1.1.0.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*", matchCriteriaId: "598B48C5-4706-4431-8C5A-DA496DD1052F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4D95583A-EC79-41FF-9496-DAB19A1A34DB", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*", matchCriteriaId: "FECB83F9-D417-4FD3-B293-87BC177E3AEB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "53B1B947-2E36-463C-848F-C5F5C0A5ECAF", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*", matchCriteriaId: "AFD1A65C-F10F-4C52-8B6D-69992E512EB5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2A188F6E-5296-4511-97F2-9328B1E1F6CF", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*", matchCriteriaId: "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33043216-4563-4195-88D7-93446302ECD1", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*", matchCriteriaId: "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8AB0B236-6BC6-4E99-8792-6B01BD591D3A", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*", matchCriteriaId: "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B01C772-D1D4-41F1-A33D-72A6A672502A", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*", matchCriteriaId: "6B25A18F-DD96-45FE-B098-71E60CB0FFFE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA359610-21DC-41C4-9430-8406B34490EB", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*", matchCriteriaId: "2BFCD9A8-1846-48C4-9F14-3866E983FB74", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AD29688A-89F2-49A5-B9D9-6AFC0EA6CB49", versionEndExcluding: "1.0.3.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*", matchCriteriaId: "4201E4D6-4DDF-4EF3-902A-960DFFF7C9A4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1B269F15-F70A-4F6C-90AD-025EBB497C1B", versionEndExcluding: "1.0.3.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*", matchCriteriaId: "13D54346-4B03-4296-B050-04EB8CFCA732", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un ataque de tipo XSS almacenado. Esto afecta a D6200 versiones anteriores a 1.1.00.40, D7000 versiones anteriores a 1.0.1.78, R6020 versiones anteriores a 1.0.0.48, R6080 versiones anteriores a 1.0.0.48, R6120 versiones anteriores a 1.0.0.66, R6260 versiones anteriores a 1.1.0.78, R6700v2 versiones anteriores a 1.2.0.76, R6800 versiones anteriores a 1.2.0.76, R6900v2 versiones anteriores a 1.2.0. 76, R6850 versiones anteriores a 1.1.0.78, R7200 versiones anteriores a 1.2.0.76, R7350 versiones anteriores a 1.2.0.76, R7400 versiones anteriores a 1.2.0.76, R7450 versiones anteriores a 1.2.0.76, AC2100 versiones anteriores a 1.2.0.76, AC2400 versiones anteriores a 1.2.0.76, AC2600 versiones anteriores a 1.2.0.76, RAX35 versiones anteriores a 1.0.3.62 y RAX40 versiones anteriores a 1.0.3.62", }, ], id: "CVE-2021-38536", lastModified: "2024-11-21T06:17:22.400", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 2.7, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-11T00:17:31.773", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000063774/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0193", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000063774/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0193", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
8.4 (High) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48709EA4-81F3-4CF1-B9A8-5379309914B0", versionEndExcluding: "1.1.6.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*", matchCriteriaId: "491CEB8D-22F3-4F86-96F0-03C5C58BA295", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0A6768BE-C869-4CC5-B683-08B8E4DDD683", versionEndExcluding: "1.1.6.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*", matchCriteriaId: "69A79475-37BE-47BD-A629-DCEF22500B0B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4F6E7187-B191-473D-9E9D-0990447AB8C6", versionEndExcluding: "1.1.6.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*", matchCriteriaId: "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "476B2ED6-D7C9-4B84-BCD0-9C98B80A5F53", versionEndExcluding: "1.1.6.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*", matchCriteriaId: "F003F064-591C-4D7C-9EC4-D0E553BC6683", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "87F3EAAB-C4C2-47BA-B87A-3CFF0C52EF21", versionEndExcluding: "1.0.4.118", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*", matchCriteriaId: "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "57A029C8-4DE3-4393-BD61-E9562C4E17D8", versionEndExcluding: "1.0.4.118", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*", matchCriteriaId: "5A09A9E8-8C77-4EDB-9483-B3C540EF083A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94795476-184B-4E7D-9D8B-ECB45609108E", versionEndExcluding: "1.3.3.140", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9F1DAD0-F8B8-48D5-B571-C55636B274C3", versionEndExcluding: "1.0.11.116", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C3A7E8BF-8CC3-4806-89F5-FBE01A36A1FD", versionEndExcluding: "1.3.3.140", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF7A1DF8-E9A0-4312-AC37-DEB46E37EE50", versionEndExcluding: "1.0.5.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", matchCriteriaId: "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "96390A31-03B8-477B-8710-F797CB44E741", versionEndExcluding: "1.0.4.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", matchCriteriaId: "C484840F-AF30-4B5C-821A-4DB9BE407BDB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EA344C08-94F1-47F8-9607-3D854B890E19", versionEndExcluding: "1.4.2.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D6A70D-66AF-4064-9F1B-4358D4B1F016", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33B2293C-09AD-4B5A-B2A0-923E2B9923AA", versionEndExcluding: "1.4.2.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", matchCriteriaId: "091CEDB5-0069-4253-86D8-B9FE17CB9F24", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D10E41DC-982F-444A-9A4D-82EC2BA64199", versionEndExcluding: "1.0.4.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4905D866-2326-487F-AAA5-96ABA0DBD56E", versionEndExcluding: "1.4.2.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", matchCriteriaId: "F7EF872D-2537-4FEB-8799-499FC9D44339", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2268D5EF-E7FA-4112-A468-507417E18FFF", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*", matchCriteriaId: "B624B4D3-BCF4-4F95-B401-A88BEC3145A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "31289572-2197-4A38-8353-CA4AAD491160", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*", matchCriteriaId: "7038703C-C79D-4DD4-8B16-E1A5FC6694C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6334DE4D-E78B-4582-9C6F-6123DA5192C7", versionEndExcluding: "1.0.4.120", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", matchCriteriaId: "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "255508E6-628A-4C83-BA39-90C9D05197B7", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*", matchCriteriaId: "972BB714-8869-42C6-95F6-2C15AFA65716", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "68163CF2-4781-4B87-8E39-62B4DF82A44A", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*", matchCriteriaId: "13D54346-4B03-4296-B050-04EB8CFCA732", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8AC89EAA-344C-438E-A5A5-2C34CF699743", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*", matchCriteriaId: "178BB386-F66C-4CE8-9283-37D22B304691", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0706367A-3F60-4564-8689-E0A46DDC31C2", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*", matchCriteriaId: "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679C4EC5-D17E-469B-A28F-BF5E231CED3D", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*", matchCriteriaId: "C430976E-24C0-4EA7-BF54-F9C188AB9C01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDF9F3BA-4239-4F4D-A65E-A6752A5420F6", versionEndExcluding: "1.0.4.120", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", matchCriteriaId: "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334BB384-5C29-4D24-9F82-B8EE8D0CA8BF", versionEndExcluding: "1.0.4.120", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*", matchCriteriaId: "06B5A85C-3588-4263-B9AD-4E56D3F6CB16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "95AF0FA9-F2C5-4D84-BF37-AA8CB6EC3C4A", versionEndExcluding: "1.5.1.80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*", matchCriteriaId: "2700644E-0940-4D05-B3CA-904D91739E58", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F615F516-29EF-4C15-9E18-C5D4F6291A38", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*", matchCriteriaId: "4FD4ED11-4130-47DA-8A9D-55B8F6E3E213", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a LAX20 versiones anteriores a 1.1.6.28, MK62 versiones anteriores a 1.1.6.122, MR60 versiones anteriores a 1.1.6.122, MS60 versiones anteriores a 1.1.6.122, R6400v2 versiones anteriores a 1.0.4.118, R6700v3 versiones anteriores a 1.0.4. 118, R6900P versiones anteriores a 1.3.3.140, R7000 versiones anteriores a 1.0.11.116, R7000P versiones anteriores a 1.3.3.140, R7850 versiones anteriores a 1.0.5.68, R7900 versiones anteriores a 1.0.4.38, R7900P versiones anteriores a 1.4.2.84, R7960P versiones anteriores a 1.4.2. 84, R8000 versiones anteriores a 1.0.4.68, R8000P versiones anteriores a 1.4.2.84, RAX15 versiones anteriores a 1.0.3.96, RAX20 versiones anteriores a 1.0.3.96, RAX200 versiones anteriores a 1.0.4.120, RAX35v2 versiones anteriores a 1.0.3.96, RAX40v2 versiones anteriores a 1.0.3. 96, RAX43 versiones anteriores a 1.0.3.96, RAX45 versiones anteriores a 1.0.3.96, RAX50 versiones anteriores a 1.0.3.96, RAX75 versiones anteriores a 1.0.4.120, RAX80 versiones anteriores a 1.0.4.120, RS400 versiones anteriores a 1.5.1.80 y XR1000 versiones anteriores a 1.0.0.58", }, ], id: "CVE-2021-45549", lastModified: "2024-11-21T06:32:29.353", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 6, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-26T01:15:15.320", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064513/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064513/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0517", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
4.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:cbr750_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DCDDC785-6FEC-4D94-86D1-8E55FB0CA6C1", versionEndExcluding: "3.2.18.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:cbr750:-:*:*:*:*:*:*:*", matchCriteriaId: "CBD14EFC-C6EF-485B-A594-73B8525704A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ADF65DC4-51D5-4C38-B28D-7EA93B1734A3", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*", matchCriteriaId: "F3EEA190-2E9C-4586-BF81-B115532FBA23", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "888A8E0F-93DD-436D-B00C-F469C3BD6E5B", versionEndExcluding: "1.0.0.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*", matchCriteriaId: "7D30939B-86E3-4C78-9B05-686B4994C8B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "160F53B0-8430-4D85-8ABC-0A64B27DDFBD", versionEndExcluding: "1.0.3.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*", matchCriteriaId: "814A0114-9A1D-4EA0-9AF4-6968514E4F01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48709EA4-81F3-4CF1-B9A8-5379309914B0", versionEndExcluding: "1.1.6.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*", matchCriteriaId: "491CEB8D-22F3-4F86-96F0-03C5C58BA295", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AE40C2D0-0863-4E0F-B3E7-6FD043B46467", versionEndExcluding: "1.0.6.116", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*", matchCriteriaId: "69A79475-37BE-47BD-A629-DCEF22500B0B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EA438541-75AE-4D6B-AB56-02760D08D465", versionEndExcluding: "1.0.6.116", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*", matchCriteriaId: "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2234C485-F411-48CC-9A0B-AA49B6961E38", versionEndExcluding: "1.0.6.116", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*", matchCriteriaId: "F003F064-591C-4D7C-9EC4-D0E553BC6683", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "685E2CA4-AA89-4574-8DB1-7C06D9F0FF2D", versionEndExcluding: "1.0.4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*", matchCriteriaId: "10938043-F7DF-42C3-8C16-F92CAF8E5576", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "930E739E-EFDC-49AB-9155-A71C2B25FCD6", versionEndExcluding: "1.0.1.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*", matchCriteriaId: "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "87F3EAAB-C4C2-47BA-B87A-3CFF0C52EF21", versionEndExcluding: "1.0.4.118", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "57A029C8-4DE3-4393-BD61-E9562C4E17D8", versionEndExcluding: "1.0.4.118", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*", matchCriteriaId: "5A09A9E8-8C77-4EDB-9483-B3C540EF083A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94795476-184B-4E7D-9D8B-ECB45609108E", versionEndExcluding: "1.3.3.140", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9F1DAD0-F8B8-48D5-B571-C55636B274C3", versionEndExcluding: "1.0.11.116", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C3A7E8BF-8CC3-4806-89F5-FBE01A36A1FD", versionEndExcluding: "1.3.3.140", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF7A1DF8-E9A0-4312-AC37-DEB46E37EE50", versionEndExcluding: "1.0.5.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", matchCriteriaId: "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "96390A31-03B8-477B-8710-F797CB44E741", versionEndExcluding: "1.0.4.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", matchCriteriaId: "C484840F-AF30-4B5C-821A-4DB9BE407BDB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EA344C08-94F1-47F8-9607-3D854B890E19", versionEndExcluding: "1.4.2.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D6A70D-66AF-4064-9F1B-4358D4B1F016", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33B2293C-09AD-4B5A-B2A0-923E2B9923AA", versionEndExcluding: "1.4.2.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", matchCriteriaId: "091CEDB5-0069-4253-86D8-B9FE17CB9F24", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D10E41DC-982F-444A-9A4D-82EC2BA64199", versionEndExcluding: "1.0.4.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4905D866-2326-487F-AAA5-96ABA0DBD56E", versionEndExcluding: "1.4.2.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", matchCriteriaId: "F7EF872D-2537-4FEB-8799-499FC9D44339", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2268D5EF-E7FA-4112-A468-507417E18FFF", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*", matchCriteriaId: "B624B4D3-BCF4-4F95-B401-A88BEC3145A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "31289572-2197-4A38-8353-CA4AAD491160", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*", matchCriteriaId: "7038703C-C79D-4DD4-8B16-E1A5FC6694C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6334DE4D-E78B-4582-9C6F-6123DA5192C7", versionEndExcluding: "1.0.4.120", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", matchCriteriaId: "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "255508E6-628A-4C83-BA39-90C9D05197B7", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*", matchCriteriaId: "972BB714-8869-42C6-95F6-2C15AFA65716", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "68163CF2-4781-4B87-8E39-62B4DF82A44A", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*", matchCriteriaId: "DD5F8B3F-C0D0-496C-A235-A467EA578C28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8AC89EAA-344C-438E-A5A5-2C34CF699743", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*", matchCriteriaId: "178BB386-F66C-4CE8-9283-37D22B304691", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0706367A-3F60-4564-8689-E0A46DDC31C2", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*", matchCriteriaId: "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679C4EC5-D17E-469B-A28F-BF5E231CED3D", versionEndExcluding: "1.0.3.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*", matchCriteriaId: "C430976E-24C0-4EA7-BF54-F9C188AB9C01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDF9F3BA-4239-4F4D-A65E-A6752A5420F6", versionEndExcluding: "1.0.4.120", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", matchCriteriaId: "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334BB384-5C29-4D24-9F82-B8EE8D0CA8BF", versionEndExcluding: "1.0.4.120", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*", matchCriteriaId: "06B5A85C-3588-4263-B9AD-4E56D3F6CB16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D8D90FF3-F5CE-43DF-ACF7-C64DBDCCA185", versionEndExcluding: "3.2.17.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*", matchCriteriaId: "A45832BD-114D-42F1-B9F1-7532496D30A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "845C1FCC-F54B-452A-B121-1CD1A7867027", versionEndExcluding: "3.2.17.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*", matchCriteriaId: "14F257FE-31CE-4F74-829D-29407D74ADF7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B6AE1767-9D9A-4E9E-B088-6727FACFDE5C", versionEndExcluding: "3.2.17.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*", matchCriteriaId: "C13F5C69-FA9B-472A-9036-0C2967BDCDE9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01E0EF50-145F-407A-8915-4EFFCD833505", versionEndExcluding: "3.2.17.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*", matchCriteriaId: "D92E4C8E-222A-476C-8273-F7171FC61F0B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F614A1AB-F0C0-45D7-8D91-ECA3C1AA9165", versionEndExcluding: "3.2.17.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*", matchCriteriaId: "B529194C-C440-4BC3-850F-0613FC548F86", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0DC5A075-0619-409C-B057-41015B8C54B3", versionEndExcluding: "3.2.17.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*", matchCriteriaId: "221CA950-E984-44CD-9E1B-3AADE3CEBE52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "95AF0FA9-F2C5-4D84-BF37-AA8CB6EC3C4A", versionEndExcluding: "1.5.1.80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*", matchCriteriaId: "2700644E-0940-4D05-B3CA-904D91739E58", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F615F516-29EF-4C15-9E18-C5D4F6291A38", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*", matchCriteriaId: "4FD4ED11-4130-47DA-8A9D-55B8F6E3E213", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a CBR750 versiones anteriores a 3.2.18.2, D6220 versiones anteriores a 1.0.0.68, D6400 versiones anteriores a 1.0.0.102, D8500 versiones anteriores a 1.0.3.60, LAX20 versiones anteriores a 1.1.6.28, MK62 versiones anteriores a 1.0.6.116, MR60 versiones anteriores a 1.0.6.116, MS60 versiones anteriores a 1.0.6.116, R6300v2 versiones anteriores a 1.0.4.50, R6400 versiones anteriores a 1.0. 1.68, R6400v2 versiones anteriores a 1.0.4.118, R6700v3 versiones anteriores a 1.0.4.118, R6900P versiones anteriores a 1.3.3.140, R7000 versiones anteriores a 1.0.11.116, R7000P versiones anteriores a 1.3.3.140, R7850 versiones anteriores a 1.0.5.68, R7900 versiones anteriores a 1.0.4.38, R7900P versiones anteriores a 1.4.2.84, R7960P versiones anteriores a 1.4.2.84, R8000 versiones anteriores a 1. 0.4.68, R8000P versiones anteriores a 1.4.2.84, RAX15 versiones anteriores a 1.0.3.96, RAX20 versiones anteriores a 1.0.3.96, RAX200 versiones anteriores a 1.0.4.120, RAX35v2 versiones anteriores a 1.0.3.96, RAX40v2 versiones anteriores a 1.0.3.96, RAX43 versiones anteriores a 1.0.3.96, RAX45 versiones anteriores a 1.0.3.96, RAX50 versiones anteriores a 1.0.3.96, RAX75 versiones anteriores a 1. 0.4.120, RAX80 versiones anteriores a 1.0.4.120, RBK752 versiones anteriores a 3.2.17.12, RBK852 versiones anteriores a 3.2.17.12, RBR750 versiones anteriores a 3.2.17.12, RBR850 versiones anteriores a 3.2.17.12, RBS750 versiones anteriores a 3.2.17.12, RBS850 versiones anteriores a 3.2.17.12, RS400 versiones anteriores a 1.5.1.80 y XR1000 versiones anteriores a 1.0.0.58", }, ], id: "CVE-2021-45604", lastModified: "2024-11-21T06:32:38.723", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 2.7, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-26T01:15:17.900", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000064526/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0572", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/000064526/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0572", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-09 14:15
Modified
2024-11-21 06:26
Severity ?
Summary
A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | rax35_firmware | * | |
| netgear | rax35 | - | |
| netgear | rax38_firmware | * | |
| netgear | rax38 | - | |
| netgear | rax40_firmware | * | |
| netgear | rax40 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F2DB747-540A-4C65-9729-0104357CA87A", versionEndExcluding: "1.0.4.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*", matchCriteriaId: "4201E4D6-4DDF-4EF3-902A-960DFFF7C9A4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "466B8B30-1D65-4A02-956C-D377B554025D", versionEndExcluding: "1.0.4.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax38:-:*:*:*:*:*:*:*", matchCriteriaId: "BDA02FAE-E0C9-402F-9E7D-69EEDCC80053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "99167432-45E7-4E21-9804-3C7FF8AD106A", versionEndExcluding: "1.0.4.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*", matchCriteriaId: "13D54346-4B03-4296-B050-04EB8CFCA732", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.", }, { lang: "es", value: "Un ataque de salto de ruta en las interfaces web de los routers Netgear RAX35, RAX38 y RAX40 versiones anteriores a v1.0.4.102, permite a un atacante remoto no autenticado conseguir acceso a información confidencial restringida, como archivos prohibidos de la aplicación web, por medio del envío de un paquete HTTP especialmente diseñado", }, ], id: "CVE-2021-41449", lastModified: "2024-11-21T06:26:16.017", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-09T14:15:12.563", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://netgear.com", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://rax40.com", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Routers-PSV-2021-0268", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.netgear.com/about/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://netgear.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rax40.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Routers-PSV-2021-0268", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.netgear.com/about/security/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | rax35_firmware | * | |
| netgear | rax35 | - | |
| netgear | rax38_firmware | * | |
| netgear | rax38 | - | |
| netgear | rax40_firmware | * | |
| netgear | rax40 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F2DB747-540A-4C65-9729-0104357CA87A", versionEndExcluding: "1.0.4.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*", matchCriteriaId: "4201E4D6-4DDF-4EF3-902A-960DFFF7C9A4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "466B8B30-1D65-4A02-956C-D377B554025D", versionEndExcluding: "1.0.4.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax38:-:*:*:*:*:*:*:*", matchCriteriaId: "BDA02FAE-E0C9-402F-9E7D-69EEDCC80053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "99167432-45E7-4E21-9804-3C7FF8AD106A", versionEndExcluding: "1.0.4.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*", matchCriteriaId: "13D54346-4B03-4296-B050-04EB8CFCA732", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una divulgación de credenciales administrativas. Esto afecta a RAX35 versiones anteriores a 1.0.4.102, RAX38 versiones anteriores a 1.0.4.102 y RAX40 versiones anteriores a 1.0.4.102", }, ], id: "CVE-2021-45493", lastModified: "2024-11-21T06:32:20.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-26T01:15:12.537", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-03 02:15
Modified
2025-01-09 15:37
Severity ?
Summary
NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of specific SOAP requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-19754.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | rax30_firmware | * | |
| netgear | rax30 | - | |
| netgear | raxe300_firmware | * | |
| netgear | raxe300 | - | |
| netgear | rax40_firmware | * | |
| netgear | rax40 | - | |
| netgear | rax35_firmware | * | |
| netgear | rax35 | - | |
| netgear | rax38_firmware | * | |
| netgear | rax38 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94C6B573-5355-47EE-A262-E15AE88F8DDB", versionEndExcluding: "1.0.10.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*", matchCriteriaId: "EBC92B49-60E0-4554-BE7F-D2B5D6EF6454", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:raxe300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0FFB9D62-BB6B-4706-876C-1056F659D4A2", versionEndExcluding: "1.0.10.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:raxe300:-:*:*:*:*:*:*:*", matchCriteriaId: "BD3BE955-696E-41D6-B281-1473EC803803", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D340B311-1788-43BB-BD13-6AABCA720A25", versionEndExcluding: "1.0.10.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*", matchCriteriaId: "13D54346-4B03-4296-B050-04EB8CFCA732", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C30EEA0B-BB23-4860-AD57-DCD7EFBAE7DC", versionEndExcluding: "1.0.10.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*", matchCriteriaId: "4201E4D6-4DDF-4EF3-902A-960DFFF7C9A4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "97647327-6F08-40B8-8F48-04681E494676", versionEndExcluding: "1.0.10.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax38:-:*:*:*:*:*:*:*", matchCriteriaId: "BDA02FAE-E0C9-402F-9E7D-69EEDCC80053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of specific SOAP requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-19754.", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código de inyección SQL de solicitud SOAP de NETGEAR RAX30. Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar código arbitrario en instalaciones afectadas de enrutadores NETGEAR RAX30. No se requiere autenticación para aprovechar esta vulnerabilidad. La falla específica existe en el manejo de solicitudes SOAP específicas. El problema se debe a la falta de validación adecuada de una cadena proporcionada por el usuario antes de usarla para construir consultas SQL. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar código arbitrario en el contexto de la cuenta de servicio. Era ZDI-CAN-19754.", }, ], id: "CVE-2023-27358", lastModified: "2025-01-09T15:37:04.203", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-03T02:15:13.673", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000065617/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2022-0349", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-502/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000065617/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2022-0349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-502/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-30 00:15
Modified
2024-11-21 05:28
Severity ?
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4C1280B1-A2DF-4CAB-AB19-6B463206AA3D", versionEndExcluding: "1.2.0.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*", matchCriteriaId: "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76C658A4-BF82-40CE-A5E1-C9F3DA1A9B0B", versionEndExcluding: "1.2.0.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*", matchCriteriaId: "6B25A18F-DD96-45FE-B098-71E60CB0FFFE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4A3A6655-B468-46FB-84D7-2294D4243C91", versionEndExcluding: "1.2.0.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*", matchCriteriaId: "2BFCD9A8-1846-48C4-9F14-3866E983FB74", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:cbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7C3B3284-B11F-4752-9C6A-0B5BECA3DB2B", versionEndExcluding: "2.5.0.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:cbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "E526746E-1ED6-492E-B28C-A1CA8235D9FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B05686E-7206-4E3B-BDBD-05C8EA6CABB5", versionEndExcluding: "2.5.0.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "762CAE87-3C98-4DB8-9B3D-5CCC3D555004", versionEndExcluding: "1.0.0.80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F2A04BB9-E816-49B5-B539-4B36A5CFFA22", versionEndExcluding: "1.0.0.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*", matchCriteriaId: "F3EEA190-2E9C-4586-BF81-B115532FBA23", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F4BC21D-8354-4C71-BE68-9D1A14A9471F", versionEndExcluding: "1.0.0.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*", matchCriteriaId: "7D30939B-86E3-4C78-9B05-686B4994C8B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7000v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B3DCFE88-1262-43BF-88BB-B26658EDEDF1", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7000v2:-:*:*:*:*:*:*:*", matchCriteriaId: "6DC6BD34-1A2C-4247-A20C-0B44C0F56E0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "93A32171-41B3-43DF-9027-51382D83158A", versionEndExcluding: "1.0.3.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F3F88DD-CE38-45A8-990A-4770A480D1BF", versionEndExcluding: "1.0.3.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*", matchCriteriaId: "814A0114-9A1D-4EA0-9AF4-6968514E4F01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0D989E9B-5626-4238-877A-FFB0FC1C6352", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*", matchCriteriaId: "F87FFC46-137D-45B8-B437-F15565FB33D0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200v4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AE1AC249-D64C-4E61-A22A-1498712D2758", versionEndExcluding: "1.0.0.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200v4:-:*:*:*:*:*:*:*", matchCriteriaId: "0BE59214-C8A1-4337-A54C-E4E8C149B241", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CFD91F26-5253-4A05-AB69-94CB2C416F83", versionEndExcluding: "1.0.0.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", matchCriteriaId: "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:eax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "62EFA314-85C0-48CC-938E-E2BF42B16746", versionEndExcluding: "1.0.0.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:eax20:-:*:*:*:*:*:*:*", matchCriteriaId: "A9D3B54B-33C0-4E50-AD2B-2097C612F288", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:eax80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C7EE6BC6-DEDA-4005-9E29-D66D0BC7E5C2", versionEndExcluding: "1.0.1.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:eax80:-:*:*:*:*:*:*:*", matchCriteriaId: "97740F5D-063E-424F-A0FE-09EBE1100975", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F81FC1BC-5186-4642-AD43-459C707B18CB", versionEndExcluding: "1.0.1.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", matchCriteriaId: "5341B659-DE7D-43F1-954D-82049CBE18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex3110_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "16871358-4EF4-4517-BA05-6ED135691566", versionEndExcluding: "1.0.1.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex3110:-:*:*:*:*:*:*:*", matchCriteriaId: "3C254694-4C37-4C5E-BF1C-06EC09BDCA1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "953A4436-6F98-494C-B184-354E577F8E59", versionEndExcluding: "1.0.0.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*", matchCriteriaId: "CDAA5899-B73C-4690-853E-B5400F034BE1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CF7B1DD1-E197-461C-9537-C6D1DF2F6D7D", versionEndExcluding: "1.0.0.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*", matchCriteriaId: "CC5488D9-651C-4BAB-A141-06B816690D42", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex3920_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33BDAF99-3E64-427E-ACAF-AEFB75401C72", versionEndExcluding: "1.0.0.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex3920:-:*:*:*:*:*:*:*", matchCriteriaId: "E576341B-2426-4F4D-8DF4-0A6D462656A3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EDB99B74-2E41-4986-96BB-B728ED32405B", versionEndExcluding: "1.0.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6000:-:*:*:*:*:*:*:*", matchCriteriaId: "02E7CA7E-E6CA-4BAB-8F40-4731EA523D91", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "93543159-8F91-471D-BBE8-2956520DBD71", versionEndExcluding: "1.0.1.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*", matchCriteriaId: "4DCFF79A-8ACE-455B-90F3-FFC745E8BAD4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6110_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7E7EBD31-5A65-442D-B7BD-B8A20BE37C20", versionEndExcluding: "1.0.1.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6110:-:*:*:*:*:*:*:*", matchCriteriaId: "04329A16-D96D-4E1D-8AC9-EA3882F1DC41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D1AA1E29-118C-4299-91FA-2C8584EC6F6C", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*", matchCriteriaId: "8C6DFDB6-1D7A-459A-8D30-FD4900ED718B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B845CEBF-A8A2-474B-9094-43AA53560150", versionEndExcluding: "1.0.0.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*", matchCriteriaId: "305E295C-9C73-4798-A0BE-7973E1EE5EAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150v1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3141B266-38D7-43DB-B3CD-750D491F0AEA", versionEndExcluding: "1.0.0.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150v1:-:*:*:*:*:*:*:*", matchCriteriaId: "8FD610F2-64B7-4141-A387-69A2A97C20CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B9B1AB33-CF18-4774-81F9-7ADA5819F8E8", versionEndExcluding: "1.0.1.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5828F04B-E373-4E4F-942D-08CCA038418C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200v1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34961F45-369E-4344-A498-CF822A1503F9", versionEndExcluding: "1.0.3.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200v1:-:*:*:*:*:*:*:*", matchCriteriaId: "AA1A7496-E8F3-48CA-965B-367B3C33F962", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB1C84E8-B947-4850-9D66-E306557DC316", versionEndExcluding: "1.0.0.128", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", matchCriteriaId: "B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6CFA90DB-6949-4743-9B63-F1E73B28C7D0", versionEndExcluding: "1.0.2.152", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "22C5E2C9-E8DA-478A-B3B1-2C0038B5D560", versionEndExcluding: "1.0.0.128", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5882095F-B22A-4937-BA08-6640140F10AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0DD3A7D2-75CE-4C67-AAE2-75F09653DFA7", versionEndExcluding: "1.0.0.128", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", matchCriteriaId: "C63267D8-4632-4D14-B39C-BEEC62AD8F87", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6920_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FF964D1-1FCE-467B-8B7F-8189CDF728D4", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6920:-:*:*:*:*:*:*:*", matchCriteriaId: "65914D7F-39EA-489B-8DE7-8547AFC05F64", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A096742-1FFA-4C19-B697-EC5154411CF2", versionEndExcluding: "1.0.1.90", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*", matchCriteriaId: "9F45B620-60B8-40F3-A055-181ADD71EFFF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "79610A3C-B1B8-4E1A-B46B-25F58670A759", versionEndExcluding: "1.0.2.152", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E3B1295F-3207-4DF4-BA5B-0DE7AB289636", versionEndExcluding: "1.0.0.128", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*", matchCriteriaId: "0A88D2A3-3B22-4639-94E9-69CE80F37392", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0EE4BFF4-42DA-4A09-892E-6FBBE72B28A6", versionEndExcluding: "1.0.0.128", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B59B0C17-2714-48E8-8911-E72488CE32E3", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:*", matchCriteriaId: "44336289-F9DA-4779-8C1A-0221E29E2E2F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6566C37A-252E-4301-952E-5C6F19F42326", versionEndExcluding: "1.0.0.210", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", matchCriteriaId: "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "456DA66C-6B99-4D0D-8F32-952905F9C752", versionEndExcluding: "1.0.1.224", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D7658849-0743-487B-803F-D49680EDF185", versionEndExcluding: "1.0.5.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*", matchCriteriaId: "69A79475-37BE-47BD-A629-DCEF22500B0B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E18CCBB-46CD-423D-AA66-36F223EFD6E6", versionEndExcluding: "1.0.5.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*", matchCriteriaId: "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07A1D7A9-29E9-4B1D-90DB-24E0967C9BC7", versionEndExcluding: "1.0.5.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*", matchCriteriaId: "F003F064-591C-4D7C-9EC4-D0E553BC6683", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F898DC9-9250-47DF-844C-F7308365135B", versionEndExcluding: "1.0.0.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*", matchCriteriaId: "D18D2CCD-424F-41D5-919B-E22B9FA68D36", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "79B24229-6AC2-489D-B542-4DAA7E630180", versionEndExcluding: "1.1.0.100", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*", matchCriteriaId: "B131B5C8-CB7F-433B-BA32-F05CE0E92A66", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B5B842D-2275-4968-997B-A70A67CBDBEC", versionEndExcluding: "1.1.0.100", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*", matchCriteriaId: "C91CADFA-59DB-4B6C-A914-848884F4A4BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2CE369F2-053B-4F67-B295-54EE41C6C4DA", versionEndExcluding: "1.0.4.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*", matchCriteriaId: "321BE843-52C4-4638-A321-439CA7B3A6F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "23D4F7E6-C042-434E-87B8-55DB18B08B0A", versionEndExcluding: "1.1.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*", matchCriteriaId: "3C395D49-57F9-4BC1-8619-57127355B86B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6300v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BD8455EE-AFAD-445D-910B-E8D9F02E8B1B", versionEndExcluding: "1.0.4.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6300v2:-:*:*:*:*:*:*:*", matchCriteriaId: "7909744D-FE9B-49D1-ADB3-029CCC432A47", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6524B85E-23AC-4983-8331-96E12899B773", versionEndExcluding: "1.1.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*", matchCriteriaId: "D621D26D-B144-424A-A9CB-19488399ACC1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9F105F6F-ECD3-411D-924E-94BCF036C1EA", versionEndExcluding: "1.1.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*", matchCriteriaId: "4B302909-29CF-4E53-9CCB-8664D3FCB03A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400v1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C48E07DA-A6D2-4035-BC2B-DC257148A259", versionEndExcluding: "1.0.1.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400v1:-:*:*:*:*:*:*:*", matchCriteriaId: "39608E61-7E2C-49AA-9719-A40095B1C8A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6E32C097-6EDF-4C81-A375-028DB67B6231", versionEndExcluding: "1.0.4.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*", matchCriteriaId: "AFE6B3A8-0601-44EA-AD9B-3BDDE6654FDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700v1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "715A8158-B6A6-43FF-A0C0-0871EAB07667", versionEndExcluding: "1.0.2.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700v1:-:*:*:*:*:*:*:*", matchCriteriaId: "A4187FD4-8045-4C00-A8F2-D37B5549E716", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C5AB644-B80D-48A3-B794-C483FEFAFDED", versionEndExcluding: "1.2.0.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700v2:-:*:*:*:*:*:*:*", matchCriteriaId: "C9793286-86D2-43BF-B9B8-823C05BCAE4B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DCCFD041-9413-4E37-8C4D-F50D1B10582B", versionEndExcluding: "1.0.4.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*", matchCriteriaId: "C88DA385-5FAE-49EC-80D6-78F81E7EEC16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B8956A99-1071-42A7-8984-D7134E755CBF", versionEndExcluding: "1.2.0.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*", matchCriteriaId: "09404083-B00B-4C1F-8085-BC242E625CA3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B8956A99-1071-42A7-8984-D7134E755CBF", versionEndExcluding: "1.2.0.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*", matchCriteriaId: "09404083-B00B-4C1F-8085-BC242E625CA3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3408536D-FC77-48C5-AD15-C5A170D7417C", versionEndExcluding: "1.1.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*", matchCriteriaId: "598B48C5-4706-4431-8C5A-DA496DD1052F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B1D59AC0-2859-46C0-B050-3BB8E3E9CB06", versionEndExcluding: "1.0.2.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*", matchCriteriaId: "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "61DE3850-1661-43D1-9E52-31E2E01979EE", versionEndExcluding: "1.3.2.124", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02672757-31FD-4338-AF2C-63FD1D7C1A19", versionEndExcluding: "1.2.0.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900v2:-:*:*:*:*:*:*:*", matchCriteriaId: "A9FC6398-60A5-4003-A294-C96AE6DBCED5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D208F2CA-DB20-4C82-8FFF-B99EBFE29713", versionEndExcluding: "1.0.11.106", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5C6F506A-464D-4BDE-8F9B-D537D3C7E137", versionEndExcluding: "1.3.2.124", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8841DA90-D1B1-40EB-809D-14C014337AAB", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", matchCriteriaId: "366FA778-3C2A-42AF-9141-DAD7043B406C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02279B20-D951-46CE-B339-452BC585A4F3", versionEndExcluding: "1.2.0.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*", matchCriteriaId: "FECB83F9-D417-4FD3-B293-87BC177E3AEB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B452611A-43C5-401B-95BD-189020B5C65C", versionEndExcluding: "1.2.0.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*", matchCriteriaId: "AFD1A65C-F10F-4C52-8B6D-69992E512EB5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "237C68C0-C2A9-4F71-9E08-547F2A317CBC", versionEndExcluding: "1.2.0.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*", matchCriteriaId: "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "63697E3A-AAA3-42E7-8116-93C6548D3AB7", versionEndExcluding: "1.2.0.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*", matchCriteriaId: "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C745B393-CC8D-4F88-A6EB-2788E1A4BAF9", versionEndExcluding: "1.0.3.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500v2:-:*:*:*:*:*:*:*", matchCriteriaId: "2BCA6487-57EC-4630-884F-820BBFE25843", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C393DBF4-8281-4611-B591-CDB9DF0AA958", versionEndExcluding: "1.0.2.74", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4171EB00-3664-43D5-9B62-A3538C358142", versionEndExcluding: "1.0.5.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", matchCriteriaId: "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9800CB2-C14A-406B-B1FF-B1B62862EBDB", versionEndExcluding: "1.0.4.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", matchCriteriaId: "C484840F-AF30-4B5C-821A-4DB9BE407BDB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "44537647-E0B2-477D-98A5-7EA850BF3321", versionEndExcluding: "1.4.1.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D6A70D-66AF-4064-9F1B-4358D4B1F016", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EA8D0327-0A72-44EC-9CC2-6CAF6A0C08B2", versionEndExcluding: "1.4.1.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", matchCriteriaId: "091CEDB5-0069-4253-86D8-B9FE17CB9F24", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F030129E-95C6-4C31-92A6-DABCDC1B534B", versionEndExcluding: "1.0.4.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B377E02-0228-4A2F-90F3-A82E7E964B37", versionEndExcluding: "1.4.1.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", matchCriteriaId: "F7EF872D-2537-4FEB-8799-499FC9D44339", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F6324787-AE71-423A-B853-8B22CA3A5294", versionEndExcluding: "1.0.2.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*", matchCriteriaId: "7A9B77E7-7439-48C6-989F-5E22CB4D3044", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72C4B203-565A-43BC-9800-274060CE23F2", versionEndExcluding: "1.0.2.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", matchCriteriaId: "63500DE4-BDBD-4F86-AB99-7DB084D0B912", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "57314D03-64B1-4973-9D36-5D22A71DBCBB", versionEndExcluding: "1.0.5.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0DCE56F2-5A45-4B31-99EF-1D8455C71E5C", versionEndExcluding: "1.0.5.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B697A877-214C-4701-AA9B-FE9C23FDBCEB", versionEndExcluding: "1.0.1.136", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*", matchCriteriaId: "1742BD56-84E4-40E1-8C04-098B3715161E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC5225D5-96AD-43EE-BAA3-37B7FEF97E86", versionEndExcluding: "1.0.1.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*", matchCriteriaId: "B624B4D3-BCF4-4F95-B401-A88BEC3145A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33505A97-35DB-4EFD-9D47-EA03057C8FFD", versionEndExcluding: "1.0.1.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*", matchCriteriaId: "7038703C-C79D-4DD4-8B16-E1A5FC6694C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "29FB835A-73C6-4F5D-A0F0-C37914B706E7", versionEndExcluding: "1.0.5.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", matchCriteriaId: "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CD0FE36F-5D34-4872-8A2F-DC5B4710E807", versionEndExcluding: "1.0.3.80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*", matchCriteriaId: "4201E4D6-4DDF-4EF3-902A-960DFFF7C9A4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "785CFF3A-013C-4068-B98E-9B0FAA02BB33", versionEndExcluding: "1.0.3.80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*", matchCriteriaId: "13D54346-4B03-4296-B050-04EB8CFCA732", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A3B894E-E712-477A-9960-30AFAB2C35CF", versionEndExcluding: "1.0.2.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*", matchCriteriaId: "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A71AE85C-74C4-42C1-BF54-89B6EC38C707", versionEndExcluding: "1.0.2.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*", matchCriteriaId: "C430976E-24C0-4EA7-BF54-F9C188AB9C01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ADDF0077-E02C-4DDA-A84E-DF3A0237FC66", versionEndExcluding: "1.0.3.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", matchCriteriaId: "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81DF924F-FDA4-4588-B8A3-6F18ABBD4976", versionEndExcluding: "1.0.3.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*", matchCriteriaId: "06B5A85C-3588-4263-B9AD-4E56D3F6CB16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9EC30751-F447-45A7-8C57-B73042869EA5", versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", matchCriteriaId: "D5465A78-4826-4F72-9CBE-528CBF286A79", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8246B8D3-8455-43B1-B0FA-F677B8FF84F5", versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", matchCriteriaId: "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "28DA498C-B466-422E-BAD2-A1F9A15B157F", versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", matchCriteriaId: "32BAB5C0-F645-4A90-833F-6345335FA1AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E72FDDB4-0802-467B-A255-06C8CE1A0B92", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C80BEFF8-7094-4F21-B9E7-EE5C8B9DF3B3", versionEndExcluding: "2.6.1.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "04F03BE5-1440-4BC4-B902-97E702ED0ADF", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "09631703-25CD-40CB-80A8-AADD43939507", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01A3914A-ABAC-4227-BCA1-DB0AAD559494", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A32769CF-7D0A-4A3F-AF20-6202CA0C6870", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A0E3BFCB-BFF8-4722-BE48-5FA93CACD3AD", versionEndExcluding: "2.6.1.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "39D6318D-F5A2-4469-B508-075F2825F0FA", versionEndExcluding: "2.6.1.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1F44708A-C946-4E0F-9D6C-A91AFB4C9EF3", versionEndExcluding: "2.6.1.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FDD03FFF-ECAF-4527-A195-559DF479A0F2", versionEndExcluding: "3.2.16.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*", matchCriteriaId: "A45832BD-114D-42F1-B9F1-7532496D30A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "05A46FA9-5DC8-4408-B4C2-AD5F1CABE7C1", versionEndExcluding: "3.2.16.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*", matchCriteriaId: "C13F5C69-FA9B-472A-9036-0C2967BDCDE9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C144D71-6C10-44CD-BFF9-907A92F0432C", versionEndExcluding: "3.2.16.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*", matchCriteriaId: "B529194C-C440-4BC3-850F-0613FC548F86", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk842_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F5C6DF5F-FEFB-4A30-87CC-379E726AE181", versionEndExcluding: "3.2.16.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk842:-:*:*:*:*:*:*:*", matchCriteriaId: "0E9B19B2-5FF1-4C85-8504-C33C34F072B1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr840_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "451C5603-927A-4EB9-BF9D-150FE16A48F8", versionEndExcluding: "3.2.16.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr840:-:*:*:*:*:*:*:*", matchCriteriaId: "4489CB05-A1C0-408C-8D8C-56EE98CA20E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs840_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4B22B149-BD16-42A0-BB1D-DEF483F6B5E1", versionEndExcluding: "3.2.16.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs840:-:*:*:*:*:*:*:*", matchCriteriaId: "84AEA27B-8BEA-4E83-819A-FDAC1881928F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B66A716A-7EC5-4F9B-853A-36C0D1AA3BFE", versionEndExcluding: "3.2.16.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*", matchCriteriaId: "14F257FE-31CE-4F74-829D-29407D74ADF7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FE13548D-0A26-45C1-8424-D4705EB105EA", versionEndExcluding: "3.2.16.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*", matchCriteriaId: "D92E4C8E-222A-476C-8273-F7171FC61F0B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "041D94DE-78C9-475C-9FAE-0B081C69B55F", versionEndExcluding: "3.2.16.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*", matchCriteriaId: "221CA950-E984-44CD-9E1B-3AADE3CEBE52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40v_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4187AE9D-C676-4C41-8DFF-8FDC65D2475C", versionEndExcluding: "2.5.1.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40v:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D05F28-47A2-46AE-992E-132B34F6194B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40v-200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FCFCED24-A687-4C5E-BE2E-60C2189254CF", versionEndExcluding: "1.0.0.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40v-200:-:*:*:*:*:*:*:*", matchCriteriaId: "935C7519-678D-4C40-BD35-3F281890C7C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E9E75105-CB35-4983-8CC0-98699AAA63BE", versionEndExcluding: "2.6.1.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", matchCriteriaId: "27F93A76-6EFF-4DA6-9129-4792E2C125D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbw30_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "993FD563-493C-460C-B379-E02A90295434", versionEndExcluding: "2.5.0.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbw30:-:*:*:*:*:*:*:*", matchCriteriaId: "FEA73D22-970D-45F2-81F3-9576C04CCC94", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "921A8CFC-D86E-4674-998E-31F4F956B5DC", versionEndExcluding: "1.5.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*", matchCriteriaId: "2700644E-0940-4D05-B3CA-904D91739E58", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2500rpv2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C9FCAF1C-DB77-402B-98D2-8C3FE7DBA8FF", versionEndExcluding: "1.0.1.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2500rpv2:-:*:*:*:*:*:*:*", matchCriteriaId: "65FACC9E-3E0E-4416-9280-706F4FCE436A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rpv3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E605C33E-0339-4248-9010-D1728C47861A", versionEndExcluding: "1.0.2.86", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rpv3:-:*:*:*:*:*:*:*", matchCriteriaId: "958243A2-6829-464F-80EA-7DD5B6F0DD7A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3500rpv1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6F357E3F-EDEB-4110-80AD-2061BB9CA066", versionEndExcluding: "1.0.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3500rpv1:-:*:*:*:*:*:*:*", matchCriteriaId: "F68F9615-B36A-45BA-8296-390321C050C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3400v3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6803A2E5-5BCE-4DE6-A0EB-3463C81FAD0C", versionEndExcluding: "1.0.1.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3400v3:-:*:*:*:*:*:*:*", matchCriteriaId: "37F227D8-332F-4D24-BAEA-AA5DB3E3EC95", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr1000v3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5464DA45-2B33-430F-A16E-B1FE072B1376", versionEndExcluding: "1.0.2.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr1000v3:-:*:*:*:*:*:*:*", matchCriteriaId: "252E5C7B-EF02-4374-A43E-02FAA9E697D0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01374C4A-4D12-4E77-AF7C-459C32C3579B", versionEndExcluding: "1.2.0.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000v2:-:*:*:*:*:*:*:*", matchCriteriaId: "31247E55-E754-46D0-9A46-B0D319C21221", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D71EDB94-370B-46C3-A14E-3F3FB130DD49", versionEndExcluding: "1.0.3.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*", matchCriteriaId: "5590CF28-B88A-4755-904B-1BC1778FBEDD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "051E8D2A-0EB0-43A7-9AAA-8519B8CC7FE0", versionEndExcluding: "2.3.2.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", matchCriteriaId: "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0BCFB551-95C6-4EEF-83F0-4246F67E6668", versionEndExcluding: "2.3.2.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "89AB672D-DD24-483E-B69D-7E46AF199483", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", matchCriteriaId: "E12892C8-5E01-49A6-BF47-09D630377093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una configuración incorrecta de los ajustes de seguridad. Esto afecta a AC2100 versiones < 1.2.0.72, AC2400 versiones < 1.2.0.72, AC2600 versiones < 1.2.0.72, CBK40 versiones < 2.5.0.10, CBR40 versiones < 2.5.0.10, D6000 versiones < 1.0.0.80, D6220 versiones < 1.0.0.60, D6400 versiones < 1.0.0.94, D7000v2 versiones < 1.0.0.62, D7800 versiones < 1.0.3.48, D8500 versiones < 1.0.3.50, DC112A versiones < 1.0.0.48, DGN2200v4 versiones < 1.0.0.114, DM200 versiones < 1.0.0.66, EAX20 versiones < 1.0.0.36, EAX80 versiones < 1.0.1.62, EX2700 versiones < 1.0.1.58, EX3110 versiones < 1.0.1.68, EX3700 versiones < 1.0.0.84, EX3800 versiones < 1.0.0.84, EX3920 versiones < 1.0.0.84, EX6000 versiones < 1.0.0.44, EX6100v2 versiones < 1.0.1.94, EX6110 versiones < 1.0.1.68, EX6120 versiones < 1.0. 0.54, EX6130 versiones < 1.0.0.36, EX6150v1 versiones < 1.0.0.46, EX6150v2 versiones < 1.0.1.94, EX6200v1 versiones < 1.0.3.94, EX6250 versiones < 1.0.0.128, EX6400 versiones < 1.0.2.152, EX6400v2 versiones < 1.0.0.128, EX6410 versiones < 1.0.0.128, EX6920 versiones < 1.0.0.54, EX7000 versiones < 1.0.1.90, EX7300 versiones < 1.0.2.152, EX7300v2 versiones < 1.0.0.128, EX7320 versiones < 1.0.0.128, EX7500 versiones < 1.0.0.68, EX7700 versiones < 1.0.0.210, EX8000 antes e 1.0.1.224, MK62 versiones < 1.0.5.102, MR60 versiones < 1.0.5.102, MS60 versiones < 1.0.5.102, R6120 versiones < 1.0.0.70, R6220 versiones < 1.1.0.100, R6230 versiones < 1.1.0.100, R6250 versiones < 1.0.4.42, R6260 versiones < 1.1 .0.76, R6300v2 versiones < 1.0.4.42, R6330 versiones < 1.1.0.76, R6350 versiones < 1.1.0.76, R6400v1 versiones < 1.0.1.62, R6400v2 versiones < 1.0.4.98, R6700v1 versiones < 1.0.2.16, R6700v2 versiones < 1.2.0.72, R6700v3 versiones < 1.0.4.98, R6800 versiones < 1.2.0.72, R6800 antes 1.2.0.72, R6850 versiones < 1.1.0.76, R6900 versiones < 1.0.2.16, R6900P versiones < 1.3.2.124, R6900v2 versiones < 1.2.0.72, R7000 versiones < 1.0.11.106, R7000P versiones < 1.3.2.124, R7100LG versiones < 1.0.0.56, R7200 versiones < 1.2. 0.72, R7350 versiones < 1.2.0.72, R7400 versiones < 1.2.0.72, R7450 versiones < 1.2.0.72, R7500v2 versiones < 1.0.3.48, R7800 versiones < 1.0.2.74, R7850 versiones < 1.0.5.60, R7900 versiones < 1.0.4.26, R7900P versiones < 1.4.1.62, R7960P versiones < 1.4.1.62, R8000 versiones < 1.0.4.58, R8000P versiones < 1.4.1.62, R8300 versiones < 1.0.2.134, R8500 versiones < 1.0.2.134, R8900 versiones < 1.0.5.24, R9000 versiones < 1.0.5.24, RAX120 versiones < 1.0.1.136, RAX15 versiones < 1.0.1.64, RAX20 versiones < 1.0.1.64, RAX200 versiones < 1.0.5.24, RAX35 versiones < 1.0.3.80, RAX40 versiones < 1.0.3.80, RAX45 versiones < 1.0.2.64, RAX50 versiones < 1.0.2.64, RAX75 versiones < 1.0.3.102, RAX80 versiones < 1.0. 3.102, RB K12 versiones < 2.6.1.44, RBR10 versiones < 2.6.1.44, RBS10 versiones < 2.6.1.44, RBK20 versiones < 2.6.1.38, RBR20 versiones < 2.6.1.36, RBS20 versiones < 2.6.1.38, RBK40 versiones < 2.6.1.38, RBR40 versiones < 2.6.1.38, RBS40 antes 2.6.1.38, RBK50 versiones < 2.6.1.40, RBR50 versiones < 2.6.1.40, RBS50 versiones < 2.6.1.40, RBK752 versiones < 3.2.16.6, RBR750 versiones < 3.2.16.6, RBS750 versiones < 3.2.16.6, RBK842 versiones < 3.2.16.6, RBR840 versiones < 3.2. 16.6, RBS840 versiones < 3.2.16.6, RBK852 versiones < 3.2.16.6, RBR850 versiones < 3.2.16.6, RBS850 versiones < 3.2.16.6, RBS40V versiones < 2.5.1.6, RBS40V-200 versiones < 1.0.0.46, RBS50Y versiones < 2.6.1.40, RBW30 versiones < 2.5. 0.4, RS400 versiones < 1.5.0.48, WN2500RPv2 versiones < 1.0.1.56, WN3000RPv3 versiones < 1.0.2.86, WN3500RPv1 versiones < 1.0.0.28, WNDR3400v3 versiones < 1.0.1.32, WNR1000v3 versiones < 1.0.2.78, WNR2000v2 versiones < 1.2.0.12, XR30", }, ], id: "CVE-2020-35800", lastModified: "2024-11-21T05:28:08.620", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 9.7, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 9.5, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 9.4, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.5, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 9.4, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-30T00:15:14.410", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000062733/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0112", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000062733/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0112", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-29 19:15
Modified
2024-11-21 06:56
Severity ?
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:cax80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A7BD19F-A89B-4941-9422-E4FFBD76DBD2", versionEndExcluding: "2.1.3.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:cax80:-:*:*:*:*:*:*:*", matchCriteriaId: "673A83EA-E359-4629-8B20-5382C15260B2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BF0F2B55-DBD3-4762-92EA-A01D57277A9D", versionEndExcluding: "1.1.6.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*", matchCriteriaId: "491CEB8D-22F3-4F86-96F0-03C5C58BA295", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A72582A2-5A44-4ED5-8497-FCAB59A125BE", versionEndExcluding: "1.1.6.124", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*", matchCriteriaId: "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6DC64FD2-5D52-4BA2-8A5B-8AC11BE06243", versionEndExcluding: "1.1.6.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:*", matchCriteriaId: "2A086E76-3F23-4C21-AC96-F11372A8A186", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3F50C923-68DC-48EB-A41B-0D3F99B16E1F", versionEndExcluding: "1.1.6.124", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*", matchCriteriaId: "F003F064-591C-4D7C-9EC4-D0E553BC6683", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "95E44445-7F76-4CD6-91AC-CEBC46DFA587", versionEndExcluding: "1.1.6.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:*", matchCriteriaId: "DE1A0669-790A-4EE7-A0DC-6E1023D6B4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A41218DC-3A06-4582-A8B8-0320F76F3DFC", versionEndExcluding: "1.0.1.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*", matchCriteriaId: "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AFC79CFE-9036-472C-AB28-FF293BBE1780", versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "169E2D0D-7D18-4AF1-8683-346BD1069DC1", versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*", matchCriteriaId: "5A09A9E8-8C77-4EDB-9483-B3C540EF083A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E52E9373-C896-405F-9CEC-2E8707B249F5", versionEndExcluding: "1.3.3.148", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5376DD03-0DDD-4B0C-A185-EC226515B32A", versionEndExcluding: "1.0.11.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9", versionEndExcluding: "1.3.3.148", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8EA99A24-E836-40F4-BF61-C4489E3713F0", versionEndExcluding: "1.0.5.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", matchCriteriaId: "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBD3DCC5-342C-4E66-8BFB-545C2D375A81", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D6A70D-66AF-4064-9F1B-4358D4B1F016", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", matchCriteriaId: "091CEDB5-0069-4253-86D8-B9FE17CB9F24", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72325BC2-C9AC-4B24-865E-662BDF05BD99", versionEndExcluding: "1.0.4.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "994D00CD-350B-4059-9C51-BF843C72B45E", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", matchCriteriaId: "F7EF872D-2537-4FEB-8799-499FC9D44339", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8EE6DCC3-C225-45A3-A6D0-52BA730EC285", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", matchCriteriaId: "63500DE4-BDBD-4F86-AB99-7DB084D0B912", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D60F61B-2487-46D7-8B93-4035147AA0AB", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*", matchCriteriaId: "B624B4D3-BCF4-4F95-B401-A88BEC3145A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35AE4A8C-19CF-44B0-83F1-F3386305B3E3", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*", matchCriteriaId: "7038703C-C79D-4DD4-8B16-E1A5FC6694C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C706F152-6163-4276-B608-C4AF196E070F", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", matchCriteriaId: "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CF8ED09D-C874-45EB-AD84-1DB0129C55EC", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*", matchCriteriaId: "972BB714-8869-42C6-95F6-2C15AFA65716", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "59C7B1AC-0329-48A9-87AD-596C0EC7B3C6", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*", matchCriteriaId: "8306FEBE-ED60-47F0-AB49-E629018D7C33", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "04DAEBC1-A1A3-4329-AD32-D41E6576A9DA", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*", matchCriteriaId: "DD5F8B3F-C0D0-496C-A235-A467EA578C28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "756EAEA3-3DC5-4F2F-8C92-29C12FCEAE2C", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*", matchCriteriaId: "D83182AB-E726-4371-B092-FA1920408FED", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "28B1B071-C0AD-46AA-8B3D-AF32D71E088C", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*", matchCriteriaId: "178BB386-F66C-4CE8-9283-37D22B304691", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "97147D06-DBE4-420F-AF06-604C74710080", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*", matchCriteriaId: "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6F540D5F-F4F5-47B1-B76F-C18004395596", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*", matchCriteriaId: "09E50F2A-C46C-4875-84AB-04AA00BFA53F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E1737CE-683A-4A8D-9DDC-9BCF1822ABCF", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*", matchCriteriaId: "C430976E-24C0-4EA7-BF54-F9C188AB9C01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F282A9F3-E07C-44EB-A21A-462A3DEDAB39", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*", matchCriteriaId: "DBB69710-DA7E-4011-A61A-BA40462A041F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E301ACAC-E217-4329-8A32-83946E61999E", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", matchCriteriaId: "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F8028906-D5AB-4CE6-8431-844E6F98B9AD", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*", matchCriteriaId: "06B5A85C-3588-4263-B9AD-4E56D3F6CB16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A", versionEndExcluding: "1.5.1.86", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*", matchCriteriaId: "2700644E-0940-4D05-B3CA-904D91739E58", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B98293B5-C804-4ED5-8344-12AA02E933CB", versionEndExcluding: "1.0.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", matchCriteriaId: "366FA778-3C2A-42AF-9141-DAD7043B406C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.", }, ], id: "CVE-2022-27642", lastModified: "2024-11-21T06:56:04.887", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-29T19:15:08.407", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-518/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-518/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "zdi-disclosures@trendmicro.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-11 00:17
Modified
2024-11-21 06:17
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6200_firmware | * | |
| netgear | d6200 | - | |
| netgear | d7000_firmware | * | |
| netgear | d7000 | - | |
| netgear | r6020_firmware | * | |
| netgear | r6020 | - | |
| netgear | r6080_firmware | * | |
| netgear | r6080 | - | |
| netgear | r6120_firmware | * | |
| netgear | r6120 | - | |
| netgear | r6260_firmware | * | |
| netgear | r6260 | - | |
| netgear | r6700_firmware | * | |
| netgear | r6700 | v2 | |
| netgear | r6800_firmware | * | |
| netgear | r6800 | - | |
| netgear | r6900_firmware | * | |
| netgear | r6900 | v2 | |
| netgear | r6850_firmware | * | |
| netgear | r6850 | - | |
| netgear | r7200_firmware | * | |
| netgear | r7200 | - | |
| netgear | r7350_firmware | * | |
| netgear | r7350 | - | |
| netgear | r7400_firmware | * | |
| netgear | r7400 | - | |
| netgear | r7450_firmware | * | |
| netgear | r7450 | - | |
| netgear | ac2100_firmware | * | |
| netgear | ac2100 | - | |
| netgear | ac2400_firmware | * | |
| netgear | ac2400 | - | |
| netgear | ac2600_firmware | * | |
| netgear | ac2600 | - | |
| netgear | rax35_firmware | * | |
| netgear | rax35 | - | |
| netgear | rax40_firmware | * | |
| netgear | rax40 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "59BF957E-F3B6-41A5-A36C-8C0CF3B417D0", versionEndExcluding: "1.1.00.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*", matchCriteriaId: "00E6A1B7-4732-4259-9B71-10FF0B56A16B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C539CF50-2AC3-45F9-8F69-FA2F50FAD92D", versionEndExcluding: "1.0.1.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AF04B65B-9685-4595-9C71-0F77AD7109BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6EC58A4B-E061-49ED-BB2D-E0497846DBEE", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*", matchCriteriaId: "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AF9D1B97-7FF8-45D9-BFD6-72554BBB6008", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*", matchCriteriaId: "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B373C515-681A-4D80-9BFD-5E2DFD6F2DF0", versionEndExcluding: "1.0.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*", matchCriteriaId: "D18D2CCD-424F-41D5-919B-E22B9FA68D36", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33824B9B-1224-484A-AFF4-953573F299C6", versionEndExcluding: "1.1.0.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*", matchCriteriaId: "3C395D49-57F9-4BC1-8619-57127355B86B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E0FCF958-2F6A-4B79-B307-2FE23B7CE8FC", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*", matchCriteriaId: "9F9706E6-CA53-43E4-91B0-D52655C86860", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EA434604-4916-4830-A96B-CEC0C8E5A1A0", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*", matchCriteriaId: "09404083-B00B-4C1F-8085-BC242E625CA3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9E9457F1-F5E8-43CA-8697-3849E140B0CC", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E8EB69B-6619-47B6-A073-D0B840D4EB0B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "612DAD20-761D-41D5-A6AB-AA9975847D34", versionEndExcluding: "1.1.0.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*", matchCriteriaId: "598B48C5-4706-4431-8C5A-DA496DD1052F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4D95583A-EC79-41FF-9496-DAB19A1A34DB", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*", matchCriteriaId: "FECB83F9-D417-4FD3-B293-87BC177E3AEB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "53B1B947-2E36-463C-848F-C5F5C0A5ECAF", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*", matchCriteriaId: "AFD1A65C-F10F-4C52-8B6D-69992E512EB5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2A188F6E-5296-4511-97F2-9328B1E1F6CF", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*", matchCriteriaId: "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33043216-4563-4195-88D7-93446302ECD1", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*", matchCriteriaId: "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8AB0B236-6BC6-4E99-8792-6B01BD591D3A", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*", matchCriteriaId: "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B01C772-D1D4-41F1-A33D-72A6A672502A", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*", matchCriteriaId: "6B25A18F-DD96-45FE-B098-71E60CB0FFFE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA359610-21DC-41C4-9430-8406B34490EB", versionEndExcluding: "1.2.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*", matchCriteriaId: "2BFCD9A8-1846-48C4-9F14-3866E983FB74", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AD29688A-89F2-49A5-B9D9-6AFC0EA6CB49", versionEndExcluding: "1.0.3.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*", matchCriteriaId: "4201E4D6-4DDF-4EF3-902A-960DFFF7C9A4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1B269F15-F70A-4F6C-90AD-025EBB497C1B", versionEndExcluding: "1.0.3.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*", matchCriteriaId: "13D54346-4B03-4296-B050-04EB8CFCA732", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un ataque de tipo XSS almacenado. Esto afecta a D6200 versiones anteriores a 1.1.00.40, D7000 versiones anteriores a 1.0.1.78, R6020 versiones anteriores a 1.0.0.48, R6080 versiones anteriores a 1.0.0.48, R6120 versiones anteriores a 1.0.0.76, R6260 versiones anteriores a 1.1.0.78, R6700v2 versiones anteriores a 1.2.0.76, R6800 versiones anteriores a 1.2.0.76, R6900v2 versiones anteriores a 1.2.0. 76, R6850 versiones anteriores a 1.1.0.78, R7200 versiones anteriores a 1.2.0.76, R7350 versiones anteriores a 1.2.0.76, R7400 versiones anteriores a 1.2.0.76, R7450 versiones anteriores a 1.2.0.76, AC2100 versiones anteriores a 1.2.0.76, AC2400 versiones anteriores a 1.2.0.76, AC2600 versiones anteriores a 1.2.0.76, RAX35 versiones anteriores a 1.0.3.62 y RAX40 versiones anteriores a 1.0.3.62", }, ], id: "CVE-2021-38535", lastModified: "2024-11-21T06:17:22.190", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 2.7, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-11T00:17:26.993", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000063773/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0192", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000063773/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0192", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
var-202108-1662
Vulnerability from variot
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects D6200 prior to 1.1.00.40, D7000 prior to 1.0.1.78, R6020 prior to 1.0.0.48, R6080 prior to 1.0.0.48, R6120 prior to 1.0.0.76, R6260 prior to 1.1.0.78, R6700v2 prior to 1.2.0.76, R6800 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R6850 prior to 1.1.0.78, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, AC2600 prior to 1.2.0.76, RAX35 prior to 1.0.3.62, and RAX40 prior to 1.0.3.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202108-1662", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7200", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "ac2100", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "r6900", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "d7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.78", }, { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.62", }, { model: "r7400", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "r7350", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "r6020", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "r6260", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.78", }, { model: "r6800", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "r6850", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.78", }, { model: "r6120", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.76", }, { model: "r7450", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "d6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.00.40", }, { model: "ac2600", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "ac2400", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.62", }, { model: "r6080", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "d7000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6020", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6850", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6080", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6120", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6900", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6260", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d6200", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-010451", }, { db: "NVD", id: "CVE-2021-38535", }, ], }, cve: "CVE-2021-38535", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CVE-2021-38535", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 1.9, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.7, id: "CVE-2021-38535", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.2, id: "CVE-2021-38535", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 4.8, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2021-38535", impactScore: null, integrityImpact: "Low", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-38535", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2021-38535", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2021-38535", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202108-944", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2021-38535", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-38535", }, { db: "JVNDB", id: "JVNDB-2021-010451", }, { db: "CNNVD", id: "CNNVD-202108-944", }, { db: "NVD", id: "CVE-2021-38535", }, { db: "NVD", id: "CVE-2021-38535", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects D6200 prior to 1.1.00.40, D7000 prior to 1.0.1.78, R6020 prior to 1.0.0.48, R6080 prior to 1.0.0.48, R6120 prior to 1.0.0.76, R6260 prior to 1.1.0.78, R6700v2 prior to 1.2.0.76, R6800 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R6850 prior to 1.1.0.78, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, AC2600 prior to 1.2.0.76, RAX35 prior to 1.0.3.62, and RAX40 prior to 1.0.3.62", sources: [ { db: "NVD", id: "CVE-2021-38535", }, { db: "JVNDB", id: "JVNDB-2021-010451", }, { db: "VULMON", id: "CVE-2021-38535", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-38535", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-010451", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202108-944", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-38535", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-38535", }, { db: "JVNDB", id: "JVNDB-2021-010451", }, { db: "CNNVD", id: "CNNVD-202108-944", }, { db: "NVD", id: "CVE-2021-38535", }, ], }, id: "VAR-202108-1662", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.32696482363636364, }, last_update_date: "2024-08-14T15:17:07.779000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Stored Cross Site Scripting on Some Routers and Gateways, PSV-2019-0192", trust: 0.8, url: "https://kb.netgear.com/000063773/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0192", }, { title: "Netgear NETGEAR Fixes for cross-site scripting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159338", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-010451", }, { db: "CNNVD", id: "CNNVD-202108-944", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1, }, { problemtype: "Cross-site scripting (CWE-79) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-010451", }, { db: "NVD", id: "CVE-2021-38535", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000063773/security-advisory-for-stored-cross-site-scripting-on-some-routers-and-gateways-psv-2019-0192", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-38535", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/79.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-38535", }, { db: "JVNDB", id: "JVNDB-2021-010451", }, { db: "CNNVD", id: "CNNVD-202108-944", }, { db: "NVD", id: "CVE-2021-38535", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-38535", }, { db: "JVNDB", id: "JVNDB-2021-010451", }, { db: "CNNVD", id: "CNNVD-202108-944", }, { db: "NVD", id: "CVE-2021-38535", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-11T00:00:00", db: "VULMON", id: "CVE-2021-38535", }, { date: "2022-07-01T00:00:00", db: "JVNDB", id: "JVNDB-2021-010451", }, { date: "2021-08-10T00:00:00", db: "CNNVD", id: "CNNVD-202108-944", }, { date: "2021-08-11T00:17:26.993000", db: "NVD", id: "CVE-2021-38535", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-19T00:00:00", db: "VULMON", id: "CVE-2021-38535", }, { date: "2022-07-01T06:13:00", db: "JVNDB", id: "JVNDB-2021-010451", }, { date: "2021-08-26T00:00:00", db: "CNNVD", id: "CNNVD-202108-944", }, { date: "2021-08-19T16:42:59.740000", db: "NVD", id: "CVE-2021-38535", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202108-944", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Cross-site scripting vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2021-010451", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202108-944", }, ], trust: 0.6, }, }
var-202012-1175
Vulnerability from variot
plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202012-1175", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.80", }, { model: "d6220", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.60", }, { model: "ex3920", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.84", }, { model: "ex7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.90", }, { model: "ms60", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.102", }, { model: "d6000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.80", }, { model: "ex6100v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.94", }, { model: "r6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.42", }, { model: "r7400", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.72", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.40", }, { model: "r6900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.16", }, { model: "ex6920", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "rbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "r7350", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.72", }, { model: "mk62", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.102", }, { model: "rbs850", scope: "lt", trust: 1, vendor: "netgear", version: "3.2.16.6", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.40", }, { model: "rbk12", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.44", }, { model: "ex6000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.44", }, { model: "cbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.5.0.10", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.152", }, { model: "rax120", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.136", }, { model: "rbs10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.44", }, { model: "ex6410", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.128", }, { model: "rbs750", scope: "lt", trust: 1, vendor: "netgear", version: "3.2.16.6", }, { model: "rbs50y", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.40", }, { model: "wnr1000v3", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.78", }, { model: "rax200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.24", }, { model: "rax75", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.102", }, { model: "rbr850", scope: "lt", trust: 1, vendor: "netgear", version: "3.2.16.6", }, { model: "ex6150v1", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.46", }, { model: "r6230", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.100", }, { model: "r8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.134", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.24", }, { model: "eax80", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.62", }, { model: "r6400v1", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.62", }, { model: "dm200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.66", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.74", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.48", }, { model: "ac2100", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.72", }, { model: "ex2700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.58", }, { model: "r7900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.26", }, { model: "r6300v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.42", }, { model: "xr300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.50", }, { model: "ex7700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.210", }, { model: "wnr2000v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.12", }, { model: "rax50", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.64", }, { model: "r6260", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.76", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.24", }, { model: "rbk20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "wndr3400v3", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.32", }, { model: "ex6110", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.68", }, { model: "ex6200v1", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.94", }, { model: "r6120", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.70", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.36", }, { model: "xr700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.34", }, { model: "ex3110", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.68", }, { model: "ex7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "d7000v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.66", }, { model: "rbr840", scope: "lt", trust: 1, vendor: "netgear", version: "3.2.16.6", }, { model: "r7960p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.1.62", }, { model: "r6700v3", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.98", }, { model: "ex3800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.84", }, { model: "ac2600", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.72", }, { model: "ex6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.128", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.224", }, { model: "ac2400", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.72", }, { model: "cbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.5.0.10", }, { model: "rax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.64", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.40", }, { model: "r6330", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.76", }, { model: "rbk852", scope: "lt", trust: 1, vendor: "netgear", version: "3.2.16.6", }, { model: "r8000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.1.62", }, { model: "r7500v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.48", }, { model: "r6800", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.72", }, { model: "r6900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.2.124", }, { model: "xr450", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.66", }, { model: "rs400", scope: "lt", trust: 1, vendor: "netgear", version: "1.5.0.48", }, { model: "r6900v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.72", }, { model: "r6350", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.76", }, { model: "dc112a", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "ex3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.84", }, { model: "ex6400v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.128", }, { model: "ex6130", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.36", }, { model: "ex7320", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.128", }, { model: "r8300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.134", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.152", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.11.106", }, { model: "r6400v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.98", }, { model: "rbs40v-200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.46", }, { model: "ex6120", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "r7850", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.60", }, { model: "wn2500rpv2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.56", }, { model: "mr60", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.102", }, { model: "eax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.36", }, { model: "r6700v1", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.16", }, { model: "rbk842", scope: "lt", trust: 1, vendor: "netgear", version: "3.2.16.6", }, { model: "wn3000rpv3", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.86", }, { model: "rbr750", scope: "lt", trust: 1, vendor: "netgear", version: "3.2.16.6", }, { model: "r7200", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.72", }, { model: "r6700v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.72", }, { model: "rbw30", scope: "lt", trust: 1, vendor: "netgear", version: "2.5.0.4", }, { model: "d6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.94", }, { model: "ex7300v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.128", }, { model: "rbs40v", scope: "lt", trust: 1, vendor: "netgear", version: "2.5.1.6", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.58", }, { model: "r7100lg", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.56", }, { model: "rax80", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.102", }, { model: "wn3500rpv1", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.28", }, { model: "rax45", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.64", }, { model: "rbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "ex6150v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.94", }, { model: "dgn2200v4", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.114", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "rax15", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.64", }, { model: "rbk752", scope: "lt", trust: 1, vendor: "netgear", version: "3.2.16.6", }, { model: "r6220", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.100", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.80", }, { model: "r6850", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.76", }, { model: "r7450", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.72", }, { model: "rbs840", scope: "lt", trust: 1, vendor: "netgear", version: "3.2.16.6", }, { model: "r7900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.1.62", }, { model: "d8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.50", }, { model: "r7000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.2.124", }, { model: "rbr10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.44", }, { model: "d6000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ac2600", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d7000v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ac2400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d6220", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d7800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ac2100", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "cbk40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "cbr40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-015016", }, { db: "NVD", id: "CVE-2020-35800", }, ], }, cve: "CVE-2020-35800", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 9.7, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2020-35800", impactScore: 9.5, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.8, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "LOW", baseScore: 9.4, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2020-35800", impactScore: 5.5, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "OTHER", availabilityImpact: "Low", baseScore: 9.4, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-015016", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2020-35800", trust: 1, value: "CRITICAL", }, { author: "cve@mitre.org", id: "CVE-2020-35800", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2020-35800", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202012-1740", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-015016", }, { db: "CNNVD", id: "CNNVD-202012-1740", }, { db: "NVD", id: "CVE-2020-35800", }, { db: "NVD", id: "CVE-2020-35800", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state.", sources: [ { db: "JVNDB", id: "JVNDB-2020-015016", }, ], trust: 0.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-35800", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2020-015016", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202012-1740", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-015016", }, { db: "CNNVD", id: "CNNVD-202012-1740", }, { db: "NVD", id: "CVE-2020-35800", }, ], }, id: "VAR-202012-1175", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.4047866293478262, }, last_update_date: "2024-11-23T22:51:09.418000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Security Misconfiguration on Some Routers, Range Extenders, and Orbi WiFi Systems, PSV-2020-0112", trust: 0.8, url: "https://kb.netgear.com/000062733/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0112", }, { title: "Certain NETGEAR devices Repair measures for default configuration problems", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138265", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-015016", }, { db: "CNNVD", id: "CNNVD-202012-1740", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "Lack of information (CWE-noinfo) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-015016", }, { db: "NVD", id: "CVE-2020-35800", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://kb.netgear.com/000062733/security-advisory-for-security-misconfiguration-on-some-routers-range-extenders-and-orbi-wifi-systems-psv-2020-0112", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-35800", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-015016", }, { db: "CNNVD", id: "CNNVD-202012-1740", }, { db: "NVD", id: "CVE-2020-35800", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2020-015016", }, { db: "CNNVD", id: "CNNVD-202012-1740", }, { db: "NVD", id: "CVE-2020-35800", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-09-07T00:00:00", db: "JVNDB", id: "JVNDB-2020-015016", }, { date: "2020-12-29T00:00:00", db: "CNNVD", id: "CNNVD-202012-1740", }, { date: "2020-12-30T00:15:14.410000", db: "NVD", id: "CVE-2020-35800", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-09-07T09:06:00", db: "JVNDB", id: "JVNDB-2020-015016", }, { date: "2021-01-12T00:00:00", db: "CNNVD", id: "CNNVD-202012-1740", }, { date: "2024-11-21T05:28:08.620000", db: "NVD", id: "CVE-2020-35800", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202012-1740", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2020-015016", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Default configuration problem", sources: [ { db: "CNNVD", id: "CNNVD-202012-1740", }, ], trust: 0.6, }, }
var-202108-1581
Vulnerability from variot
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects D6200 prior to 1.1.00.40, D7000 prior to 1.0.1.78, R6020 prior to 1.0.0.48, R6080 prior to 1.0.0.48, R6120 prior to 1.0.0.66, R6260 prior to 1.1.0.78, R6700v2 prior to 1.2.0.76, R6800 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R6850 prior to 1.1.0.78, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, AC2600 prior to 1.2.0.76, RAX35 prior to 1.0.3.62, and RAX40 prior to 1.0.3.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202108-1581", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7200", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "r6120", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.66", }, { model: "ac2100", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "r6900", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "d7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.78", }, { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.62", }, { model: "r7400", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "r7350", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "r6020", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "r6260", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.78", }, { model: "r6800", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "r6850", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.78", }, { model: "r7450", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "d6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.00.40", }, { model: "ac2600", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "ac2400", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.76", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.62", }, { model: "r6080", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "d7000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6020", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6850", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6080", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6800", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6120", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6900", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6260", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d6200", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-010440", }, { db: "NVD", id: "CVE-2021-38536", }, ], }, cve: "CVE-2021-38536", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CVE-2021-38536", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 1.9, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.7, id: "CVE-2021-38536", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.2, id: "CVE-2021-38536", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 4.8, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2021-38536", impactScore: null, integrityImpact: "Low", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-38536", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2021-38536", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2021-38536", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202108-943", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2021-38536", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-38536", }, { db: "JVNDB", id: "JVNDB-2021-010440", }, { db: "CNNVD", id: "CNNVD-202108-943", }, { db: "NVD", id: "CVE-2021-38536", }, { db: "NVD", id: "CVE-2021-38536", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects D6200 prior to 1.1.00.40, D7000 prior to 1.0.1.78, R6020 prior to 1.0.0.48, R6080 prior to 1.0.0.48, R6120 prior to 1.0.0.66, R6260 prior to 1.1.0.78, R6700v2 prior to 1.2.0.76, R6800 prior to 1.2.0.76, R6900v2 prior to 1.2.0.76, R6850 prior to 1.1.0.78, R7200 prior to 1.2.0.76, R7350 prior to 1.2.0.76, R7400 prior to 1.2.0.76, R7450 prior to 1.2.0.76, AC2100 prior to 1.2.0.76, AC2400 prior to 1.2.0.76, AC2600 prior to 1.2.0.76, RAX35 prior to 1.0.3.62, and RAX40 prior to 1.0.3.62", sources: [ { db: "NVD", id: "CVE-2021-38536", }, { db: "JVNDB", id: "JVNDB-2021-010440", }, { db: "VULMON", id: "CVE-2021-38536", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-38536", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-010440", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202108-943", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-38536", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-38536", }, { db: "JVNDB", id: "JVNDB-2021-010440", }, { db: "CNNVD", id: "CNNVD-202108-943", }, { db: "NVD", id: "CVE-2021-38536", }, ], }, id: "VAR-202108-1581", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.32696482363636364, }, last_update_date: "2024-08-14T15:42:46.330000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Stored Cross Site Scripting on Some Routers and Gateways, PSV-2019-0193", trust: 0.8, url: "https://kb.netgear.com/000063774/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0193", }, { title: "Netgear NETGEAR Fixes for cross-site scripting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159337", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-010440", }, { db: "CNNVD", id: "CNNVD-202108-943", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1, }, { problemtype: "Cross-site scripting (CWE-79) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-010440", }, { db: "NVD", id: "CVE-2021-38536", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000063774/security-advisory-for-stored-cross-site-scripting-on-some-routers-and-gateways-psv-2019-0193", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-38536", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/79.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-38536", }, { db: "JVNDB", id: "JVNDB-2021-010440", }, { db: "CNNVD", id: "CNNVD-202108-943", }, { db: "NVD", id: "CVE-2021-38536", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-38536", }, { db: "JVNDB", id: "JVNDB-2021-010440", }, { db: "CNNVD", id: "CNNVD-202108-943", }, { db: "NVD", id: "CVE-2021-38536", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-11T00:00:00", db: "VULMON", id: "CVE-2021-38536", }, { date: "2022-07-01T00:00:00", db: "JVNDB", id: "JVNDB-2021-010440", }, { date: "2021-08-10T00:00:00", db: "CNNVD", id: "CNNVD-202108-943", }, { date: "2021-08-11T00:17:31.773000", db: "NVD", id: "CVE-2021-38536", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-19T00:00:00", db: "VULMON", id: "CVE-2021-38536", }, { date: "2022-07-01T06:11:00", db: "JVNDB", id: "JVNDB-2021-010440", }, { date: "2021-08-26T00:00:00", db: "CNNVD", id: "CNNVD-202108-943", }, { date: "2021-08-19T16:17:59.127000", db: "NVD", id: "CVE-2021-38536", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202108-943", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Cross-site scripting vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2021-010440", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202108-943", }, ], trust: 0.6, }, }
var-202203-1668
Vulnerability from variot
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854. cax80 firmware, LAX20 firmware, MR60 Multiple Netgear products, including firmware, contain vulnerabilities related to unauthorized authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1668", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "lax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.34", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.126", }, { model: "rax42", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.126", }, { model: "rax50s", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax48", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.78", }, { model: "r7960p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "r8000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "r7100lg", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.76", }, { model: "rax75", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "mr80", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.14", }, { model: "ms80", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.14", }, { model: "mr60", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.124", }, { model: "rax80", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "r7850", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.84", }, { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rs400", scope: "lt", trust: 1, vendor: "netgear", version: "1.5.1.86", }, { model: "r8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "rax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "ms60", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.124", }, { model: "r7000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.148", }, { model: "rax38", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.11.134", }, { model: "r7900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "r6900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.148", }, { model: "rax43", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "cax80", scope: "lt", trust: 1, vendor: "netgear", version: "2.1.3.7", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.84", }, { model: "rax50", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax15", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax45", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r7960p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ms80", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "mr80", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lax20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7850", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8500", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "mr60", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6900p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "cax80", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ms60", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7900p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax15", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700v3", scope: null, trust: 0.7, vendor: "netgear", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-22-518", }, { db: "JVNDB", id: "JVNDB-2022-021793", }, { db: "NVD", id: "CVE-2022-27642", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Bugscale team", sources: [ { db: "ZDI", id: "ZDI-22-518", }, { db: "CNNVD", id: "CNNVD-202203-2054", }, ], trust: 1.3, }, cve: "CVE-2022-27642", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2022-27642", impactScore: 3.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2022-27642", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-27642", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2022-27642", impactScore: 3.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, ], severity: [ { author: "zdi-disclosures@trendmicro.com", id: "CVE-2022-27642", trust: 1, value: "MEDIUM", }, { author: "nvd@nist.gov", id: "CVE-2022-27642", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2022-27642", trust: 0.8, value: "High", }, { author: "ZDI", id: "CVE-2022-27642", trust: 0.7, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202203-2054", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-22-518", }, { db: "JVNDB", id: "JVNDB-2022-021793", }, { db: "CNNVD", id: "CNNVD-202203-2054", }, { db: "NVD", id: "CVE-2022-27642", }, { db: "NVD", id: "CVE-2022-27642", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854. cax80 firmware, LAX20 firmware, MR60 Multiple Netgear products, including firmware, contain vulnerabilities related to unauthorized authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-27642", }, { db: "JVNDB", id: "JVNDB-2022-021793", }, { db: "ZDI", id: "ZDI-22-518", }, { db: "VULMON", id: "CVE-2022-27642", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-27642", trust: 4, }, { db: "ZDI", id: "ZDI-22-518", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2022-021793", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-15854", trust: 0.7, }, { db: "CS-HELP", id: "SB2022032410", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202203-2054", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-27642", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-22-518", }, { db: "VULMON", id: "CVE-2022-27642", }, { db: "JVNDB", id: "JVNDB-2022-021793", }, { db: "CNNVD", id: "CNNVD-202203-2054", }, { db: "NVD", id: "CVE-2022-27642", }, ], }, id: "VAR-202203-1668", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.3421560347368421, }, last_update_date: "2024-08-14T13:42:55.887000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "NETGEAR has issued an update to correct this vulnerability.", trust: 0.7, url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, { title: "NETGEAR R6700v3 Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=232028", }, ], sources: [ { db: "ZDI", id: "ZDI-22-518", }, { db: "CNNVD", id: "CNNVD-202203-2054", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-863", trust: 1, }, { problemtype: "Illegal authentication (CWE-863) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-021793", }, { db: "NVD", id: "CVE-2022-27642", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.2, url: "https://kb.netgear.com/000064723/security-advisory-for-multiple-vulnerabilities-on-multiple-products-psv-2021-0327", }, { trust: 3.2, url: "https://www.zerodayinitiative.com/advisories/zdi-22-518/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-27642", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-27642/", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022032410", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/863.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-22-518", }, { db: "VULMON", id: "CVE-2022-27642", }, { db: "JVNDB", id: "JVNDB-2022-021793", }, { db: "CNNVD", id: "CNNVD-202203-2054", }, { db: "NVD", id: "CVE-2022-27642", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-22-518", }, { db: "VULMON", id: "CVE-2022-27642", }, { db: "JVNDB", id: "JVNDB-2022-021793", }, { db: "CNNVD", id: "CNNVD-202203-2054", }, { db: "NVD", id: "CVE-2022-27642", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-23T00:00:00", db: "ZDI", id: "ZDI-22-518", }, { date: "2023-03-29T00:00:00", db: "VULMON", id: "CVE-2022-27642", }, { date: "2023-11-14T00:00:00", db: "JVNDB", id: "JVNDB-2022-021793", }, { date: "2022-03-23T00:00:00", db: "CNNVD", id: "CNNVD-202203-2054", }, { date: "2023-03-29T19:15:08.407000", db: "NVD", id: "CVE-2022-27642", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-23T00:00:00", db: "ZDI", id: "ZDI-22-518", }, { date: "2023-03-30T00:00:00", db: "VULMON", id: "CVE-2022-27642", }, { date: "2023-11-14T04:15:00", db: "JVNDB", id: "JVNDB-2022-021793", }, { date: "2023-04-06T00:00:00", db: "CNNVD", id: "CNNVD-202203-2054", }, { date: "2023-04-05T14:53:25.610000", db: "NVD", id: "CVE-2022-27642", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202203-2054", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Incorrect authentication vulnerability in multiple Netgear products", sources: [ { db: "JVNDB", id: "JVNDB-2022-021793", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202203-2054", }, ], trust: 0.6, }, }
var-202203-1671
Vulnerability from variot
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874. cax80 firmware, LAX20 firmware, MR60 For multiple Netgear products such as firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1671", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "lax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.34", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.126", }, { model: "rax42", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.126", }, { model: "rax50s", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax48", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.78", }, { model: "r7960p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "r8000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "r7100lg", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.76", }, { model: "rax75", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "mr80", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.14", }, { model: "ms80", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.14", }, { model: "mr60", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.124", }, { model: "rax80", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "r7850", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.84", }, { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rs400", scope: "lt", trust: 1, vendor: "netgear", version: "1.5.1.86", }, { model: "r8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "rax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "ms60", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.124", }, { model: "r7000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.148", }, { model: "rax38", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.11.134", }, { model: "r7900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "r6900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.148", }, { model: "rax43", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "cax80", scope: "lt", trust: 1, vendor: "netgear", version: "2.1.3.7", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.84", }, { model: "rax50", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax15", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax45", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "mr60", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "cax80", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ms80", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "mr80", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8500", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7900p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ms60", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6900p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lax20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7960p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax15", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7850", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700v3", scope: null, trust: 0.7, vendor: "netgear", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-22-524", }, { db: "JVNDB", id: "JVNDB-2022-022073", }, { db: "NVD", id: "CVE-2022-27647", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Bugscale team", sources: [ { db: "ZDI", id: "ZDI-22-524", }, { db: "CNNVD", id: "CNNVD-202203-2064", }, ], trust: 1.3, }, cve: "CVE-2022-27647", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.1, id: "CVE-2022-27647", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.1, id: "CVE-2022-27647", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.1, id: "CVE-2022-27647", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "zdi-disclosures@trendmicro.com", id: "CVE-2022-27647", trust: 1, value: "HIGH", }, { author: "nvd@nist.gov", id: "CVE-2022-27647", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2022-27647", trust: 0.8, value: "High", }, { author: "ZDI", id: "CVE-2022-27647", trust: 0.7, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202203-2064", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-22-524", }, { db: "JVNDB", id: "JVNDB-2022-022073", }, { db: "CNNVD", id: "CNNVD-202203-2064", }, { db: "NVD", id: "CVE-2022-27647", }, { db: "NVD", id: "CVE-2022-27647", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874. cax80 firmware, LAX20 firmware, MR60 For multiple Netgear products such as firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-27647", }, { db: "JVNDB", id: "JVNDB-2022-022073", }, { db: "ZDI", id: "ZDI-22-524", }, { db: "VULMON", id: "CVE-2022-27647", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-27647", trust: 4, }, { db: "ZDI", id: "ZDI-22-524", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2022-022073", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-15874", trust: 0.7, }, { db: "CS-HELP", id: "SB2022032410", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202203-2064", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-27647", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-22-524", }, { db: "VULMON", id: "CVE-2022-27647", }, { db: "JVNDB", id: "JVNDB-2022-022073", }, { db: "CNNVD", id: "CNNVD-202203-2064", }, { db: "NVD", id: "CVE-2022-27647", }, ], }, id: "VAR-202203-1671", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.3421560347368421, }, last_update_date: "2024-08-14T13:42:56.011000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "NETGEAR has issued an update to correct this vulnerability.", trust: 0.7, url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, { title: "NETGEAR R6700v3 Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=231217", }, ], sources: [ { db: "ZDI", id: "ZDI-22-524", }, { db: "CNNVD", id: "CNNVD-202203-2064", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "OS Command injection (CWE-78) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-022073", }, { db: "NVD", id: "CVE-2022-27647", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.2, url: "https://kb.netgear.com/000064723/security-advisory-for-multiple-vulnerabilities-on-multiple-products-psv-2021-0327", }, { trust: 3.2, url: "https://www.zerodayinitiative.com/advisories/zdi-22-524/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-27647", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-27647/", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022032410", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/78.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-22-524", }, { db: "VULMON", id: "CVE-2022-27647", }, { db: "JVNDB", id: "JVNDB-2022-022073", }, { db: "CNNVD", id: "CNNVD-202203-2064", }, { db: "NVD", id: "CVE-2022-27647", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-22-524", }, { db: "VULMON", id: "CVE-2022-27647", }, { db: "JVNDB", id: "JVNDB-2022-022073", }, { db: "CNNVD", id: "CNNVD-202203-2064", }, { db: "NVD", id: "CVE-2022-27647", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-23T00:00:00", db: "ZDI", id: "ZDI-22-524", }, { date: "2023-03-29T00:00:00", db: "VULMON", id: "CVE-2022-27647", }, { date: "2023-11-15T00:00:00", db: "JVNDB", id: "JVNDB-2022-022073", }, { date: "2022-03-23T00:00:00", db: "CNNVD", id: "CNNVD-202203-2064", }, { date: "2023-03-29T19:15:08.773000", db: "NVD", id: "CVE-2022-27647", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-23T00:00:00", db: "ZDI", id: "ZDI-22-524", }, { date: "2023-03-30T00:00:00", db: "VULMON", id: "CVE-2022-27647", }, { date: "2023-11-15T03:22:00", db: "JVNDB", id: "JVNDB-2022-022073", }, { date: "2023-04-07T00:00:00", db: "CNNVD", id: "CNNVD-202203-2064", }, { date: "2023-04-06T15:05:39.393000", db: "NVD", id: "CVE-2022-27647", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202203-2064", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "in multiple NETGEAR products. OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2022-022073", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202203-2064", }, ], trust: 0.6, }, }
var-202112-0541
Vulnerability from variot
A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet. Netgear RAX35 , RAX38 , RAX40 Routers contain a path traversal vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. Netgear RAX35 is a router from Netgear. A hardware device that connects two or more networks and acts as a gateway between the networks.
Netgear RAX35, RAX38 and RAX40 routers v1.0.4.102 and earlier versions of the firmware have an access control error vulnerability. The vulnerability stems from the network system or product improperly restricting access to resources from unauthorized roles
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0541", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.102", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.102", }, { model: "rax38", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.102", }, { model: "rax38", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax35", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax35", scope: "lt", trust: 0.6, vendor: "netgear", version: "v1.0.4.102", }, { model: "rax38", scope: "lt", trust: 0.6, vendor: "netgear", version: "v1.0.4.102", }, { model: "rax40", scope: "lt", trust: 0.6, vendor: "netgear", version: "v1.0.4.102", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-102000", }, { db: "JVNDB", id: "JVNDB-2021-016141", }, { db: "NVD", id: "CVE-2021-41449", }, ], }, cve: "CVE-2021-41449", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-2021-41449", impactScore: 4.9, integrityImpact: "NONE", severity: "LOW", trust: 1.9, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CNVD-2021-102000", impactScore: 4.9, integrityImpact: "NONE", severity: "LOW", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2021-41449", impactScore: 5.2, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.1, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-41449", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-41449", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2021-41449", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2021-102000", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-202112-732", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-41449", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-102000", }, { db: "VULMON", id: "CVE-2021-41449", }, { db: "JVNDB", id: "JVNDB-2021-016141", }, { db: "CNNVD", id: "CNNVD-202112-732", }, { db: "NVD", id: "CVE-2021-41449", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet. Netgear RAX35 , RAX38 , RAX40 Routers contain a path traversal vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. Netgear RAX35 is a router from Netgear. A hardware device that connects two or more networks and acts as a gateway between the networks. \n\r\n\r\nNetgear RAX35, RAX38 and RAX40 routers v1.0.4.102 and earlier versions of the firmware have an access control error vulnerability. The vulnerability stems from the network system or product improperly restricting access to resources from unauthorized roles", sources: [ { db: "NVD", id: "CVE-2021-41449", }, { db: "JVNDB", id: "JVNDB-2021-016141", }, { db: "CNVD", id: "CNVD-2021-102000", }, { db: "VULMON", id: "CVE-2021-41449", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-41449", trust: 3.9, }, { db: "JVNDB", id: "JVNDB-2021-016141", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-102000", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202112-732", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-41449", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-102000", }, { db: "VULMON", id: "CVE-2021-41449", }, { db: "JVNDB", id: "JVNDB-2021-016141", }, { db: "CNNVD", id: "CNNVD-202112-732", }, { db: "NVD", id: "CVE-2021-41449", }, ], }, id: "VAR-202112-0541", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-102000", }, ], trust: 0.8276160566666666, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-102000", }, ], }, last_update_date: "2024-11-23T22:10:57.447000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Path Traversal on Some Routers, PSV-2021-0268", trust: 0.8, url: "https://www.netgear.com/", }, { title: "Patch for Netgear Access Control Error Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/310031", }, { title: "Netgear Repair measures for path traversal vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174228", }, { title: "", trust: 0.1, url: "https://github.com/efchatz/easy-exploits ", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-102000", }, { db: "VULMON", id: "CVE-2021-41449", }, { db: "JVNDB", id: "JVNDB-2021-016141", }, { db: "CNNVD", id: "CNNVD-202112-732", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-22", trust: 1, }, { problemtype: "Path traversal (CWE-22) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016141", }, { db: "NVD", id: "CVE-2021-41449", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.3, url: "http://netgear.com", }, { trust: 1.7, url: "https://kb.netgear.com/000064405/security-advisory-for-path-traversal-on-some-routers-psv-2021-0268", }, { trust: 1.7, url: "https://www.netgear.com/about/security/", }, { trust: 1.7, url: "http://rax40.com", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2021-41449", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/22.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/efchatz/easy-exploits", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-102000", }, { db: "VULMON", id: "CVE-2021-41449", }, { db: "JVNDB", id: "JVNDB-2021-016141", }, { db: "CNNVD", id: "CNNVD-202112-732", }, { db: "NVD", id: "CVE-2021-41449", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-102000", }, { db: "VULMON", id: "CVE-2021-41449", }, { db: "JVNDB", id: "JVNDB-2021-016141", }, { db: "CNNVD", id: "CNNVD-202112-732", }, { db: "NVD", id: "CVE-2021-41449", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-24T00:00:00", db: "CNVD", id: "CNVD-2021-102000", }, { date: "2021-12-09T00:00:00", db: "VULMON", id: "CVE-2021-41449", }, { date: "2022-12-07T00:00:00", db: "JVNDB", id: "JVNDB-2021-016141", }, { date: "2021-12-09T00:00:00", db: "CNNVD", id: "CNNVD-202112-732", }, { date: "2021-12-09T14:15:12.563000", db: "NVD", id: "CVE-2021-41449", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-24T00:00:00", db: "CNVD", id: "CNVD-2021-102000", }, { date: "2021-12-13T00:00:00", db: "VULMON", id: "CVE-2021-41449", }, { date: "2022-12-07T05:58:00", db: "JVNDB", id: "JVNDB-2021-016141", }, { date: "2021-12-14T00:00:00", db: "CNNVD", id: "CNNVD-202112-732", }, { date: "2024-11-21T06:26:16.017000", db: "NVD", id: "CVE-2021-41449", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202112-732", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural Netgear Path Traversal Vulnerability in Routers", sources: [ { db: "JVNDB", id: "JVNDB-2021-016141", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "path traversal", sources: [ { db: "CNNVD", id: "CNNVD-202112-732", }, ], trust: 0.6, }, }
var-202305-0221
Vulnerability from variot
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the soap_serverd binary. When parsing SOAP message headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19839. This vulnerability information is available below JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reported by: Zero Zero One Co., Ltd. Hayakawa Soraya MrAuthentication may be circumvented by a third party with access to the device. NETGEAR Rax35 is a wireless router from NETGEAR. The vulnerability is caused by a boundary error when the application processes untrusted input
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0221", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rax35", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax38", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax30", scope: null, trust: 0.7, vendor: "netgear", version: null, }, { model: "rax35", scope: null, trust: 0.6, vendor: "netgear", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-23-499", }, { db: "CNVD", id: "CNVD-2024-24418", }, { db: "JVNDB", id: "JVNDB-2024-003119", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Claroty Research - Vera Mens, Noam Moshe, Uri Katz, Sharon Brizinov", sources: [ { db: "ZDI", id: "ZDI-23-499", }, ], trust: 0.7, }, cve: "CVE-2023-27368", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 8.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 6.5, id: "CNVD-2024-24418", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2023-27368", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "OTHER", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2024-003119", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2023-27368", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "zdi-disclosures@trendmicro.com", id: "CVE-2023-27368", trust: 1, value: "HIGH", }, { author: "OTHER", id: "JVNDB-2024-003119", trust: 0.8, value: "High", }, { author: "ZDI", id: "CVE-2023-27368", trust: 0.7, value: "HIGH", }, { author: "CNVD", id: "CNVD-2024-24418", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-23-499", }, { db: "CNVD", id: "CNVD-2024-24418", }, { db: "JVNDB", id: "JVNDB-2024-003119", }, { db: "NVD", id: "CVE-2023-27368", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the soap_serverd binary. When parsing SOAP message headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19839. This vulnerability information is available below JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reported by: Zero Zero One Co., Ltd. Hayakawa Soraya MrAuthentication may be circumvented by a third party with access to the device. NETGEAR Rax35 is a wireless router from NETGEAR. The vulnerability is caused by a boundary error when the application processes untrusted input", sources: [ { db: "NVD", id: "CVE-2023-27368", }, { db: "JVNDB", id: "JVNDB-2024-003119", }, { db: "ZDI", id: "ZDI-23-499", }, { db: "CNVD", id: "CNVD-2024-24418", }, { db: "VULMON", id: "CVE-2023-27368", }, ], trust: 2.88, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-27368", trust: 4, }, { db: "ZDI", id: "ZDI-23-499", trust: 1.8, }, { db: "JVNDB", id: "JVNDB-2024-003119", trust: 1.4, }, { db: "JVN", id: "JVNVU91883072", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-19839", trust: 0.7, }, { db: "CNVD", id: "CNVD-2024-24418", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-27368", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-23-499", }, { db: "CNVD", id: "CNVD-2024-24418", }, { db: "VULMON", id: "CVE-2023-27368", }, { db: "JVNDB", id: "JVNDB-2024-003119", }, { db: "NVD", id: "CVE-2023-27368", }, ], }, id: "VAR-202305-0221", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2024-24418", }, ], trust: 0.8276160566666666, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2024-24418", }, ], }, last_update_date: "2024-08-14T14:49:09.014000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security advisory regarding authentication bypass in some routers (PSV-2023-0166)", trust: 0.8, url: "https://kb.netgear.com/ja/000066096/", }, { title: "NETGEAR has issued an update to correct this vulnerability.", trust: 0.7, url: "https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348", }, { title: "Patch for NETGEAR RAX35 Buffer Overflow Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/546311", }, ], sources: [ { db: "ZDI", id: "ZDI-23-499", }, { db: "CNVD", id: "CNVD-2024-24418", }, { db: "JVNDB", id: "JVNDB-2024-003119", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-121", trust: 1, }, { problemtype: "Stack-based buffer overflow (CWE-121) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2024-003119", }, { db: "NVD", id: "CVE-2023-27368", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000065619/security-advisory-for-multiple-vulnerabilities-on-the-rax30-psv-2022-0348", }, { trust: 1.1, url: "https://www.zerodayinitiative.com/advisories/zdi-23-499/", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu91883072/index.html", }, { trust: 0.8, url: "https://claroty.com/team82/disclosure-dashboard/cve-2023-27368", }, { trust: 0.6, url: "https://jvndb.jvn.jp/en/contents/2024/jvndb-2024-003119.html", }, ], sources: [ { db: "ZDI", id: "ZDI-23-499", }, { db: "CNVD", id: "CNVD-2024-24418", }, { db: "VULMON", id: "CVE-2023-27368", }, { db: "JVNDB", id: "JVNDB-2024-003119", }, { db: "NVD", id: "CVE-2023-27368", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-23-499", }, { db: "CNVD", id: "CNVD-2024-24418", }, { db: "VULMON", id: "CVE-2023-27368", }, { db: "JVNDB", id: "JVNDB-2024-003119", }, { db: "NVD", id: "CVE-2023-27368", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-05-01T00:00:00", db: "ZDI", id: "ZDI-23-499", }, { date: "2024-05-29T00:00:00", db: "CNVD", id: "CNVD-2024-24418", }, { date: "2024-04-25T00:00:00", db: "JVNDB", id: "JVNDB-2024-003119", }, { date: "2024-05-03T02:15:15.417000", db: "NVD", id: "CVE-2023-27368", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-05-01T00:00:00", db: "ZDI", id: "ZDI-23-499", }, { date: "2024-05-27T00:00:00", db: "CNVD", id: "CNVD-2024-24418", }, { date: "2024-04-25T02:04:00", db: "JVNDB", id: "JVNDB-2024-003119", }, { date: "2024-05-03T12:50:34.250000", db: "NVD", id: "CVE-2023-27368", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NETGEAR Buffer overflow vulnerability in Microsoft routers", sources: [ { db: "JVNDB", id: "JVNDB-2024-003119", }, ], trust: 0.8, }, }
var-202212-2397
Vulnerability from variot
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94. plural NETGEAR device Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects RAX40 prior to 1.0.2.60, RAX35 prior to 1.0.2.60, R6400v2 prior to 1.0.4.122, R6700v3 prior to 1.0.4.122, R6900P prior to 1.3.3.152, R7000P prior to 1.3.3.152, R7000 prior to 1.0.11.136, R7960P prior to 1.4.4.94, and R8000P prior to 1.4.4.94
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-2397", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.60", }, { model: "r6400v2", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.122", }, { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.60", }, { model: "r6700v3", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.122", }, { model: "r7000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.152", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.11.136", }, { model: "r6900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.152", }, { model: "r8000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.4.94", }, { model: "r7960p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.4.94", }, { model: "rax40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700v3", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax35", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6900p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6400v2", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7960p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-004429", }, { db: "NVD", id: "CVE-2022-48196", }, ], }, cve: "CVE-2022-48196", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-48196", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2022-48196", impactScore: 4, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-48196", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-48196", trust: 1, value: "CRITICAL", }, { author: "cve@mitre.org", id: "CVE-2022-48196", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2022-48196", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202212-4129", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-004429", }, { db: "CNNVD", id: "CNNVD-202212-4129", }, { db: "NVD", id: "CVE-2022-48196", }, { db: "NVD", id: "CVE-2022-48196", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94. plural NETGEAR device Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects RAX40 prior to 1.0.2.60, RAX35 prior to 1.0.2.60, R6400v2 prior to 1.0.4.122, R6700v3 prior to 1.0.4.122, R6900P prior to 1.3.3.152, R7000P prior to 1.3.3.152, R7000 prior to 1.0.11.136, R7960P prior to 1.4.4.94, and R8000P prior to 1.4.4.94", sources: [ { db: "NVD", id: "CVE-2022-48196", }, { db: "JVNDB", id: "JVNDB-2022-004429", }, { db: "VULMON", id: "CVE-2022-48196", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-48196", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-004429", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202212-4129", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-48196", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2022-48196", }, { db: "JVNDB", id: "JVNDB-2022-004429", }, { db: "CNNVD", id: "CNNVD-202212-4129", }, { db: "NVD", id: "CVE-2022-48196", }, ], }, id: "VAR-202212-2397", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.30399921375, }, last_update_date: "2024-08-14T15:32:21.928000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Buffer Overflow on Some Routers, PSV-2019-0208", trust: 0.8, url: "https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208", }, { title: "Multiple NETGEAR product Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=220822", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-004429", }, { db: "CNNVD", id: "CNNVD-202212-4129", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1, }, { problemtype: "Classic buffer overflow (CWE-120) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-004429", }, { db: "NVD", id: "CVE-2022-48196", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-recently-fixed-wifi-router-bug/", }, { trust: 1.7, url: "https://kb.netgear.com/000065495/security-advisory-for-pre-authentication-buffer-overflow-on-some-routers-psv-2019-0208", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-48196", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-48196/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2022-48196", }, { db: "JVNDB", id: "JVNDB-2022-004429", }, { db: "CNNVD", id: "CNNVD-202212-4129", }, { db: "NVD", id: "CVE-2022-48196", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2022-48196", }, { db: "JVNDB", id: "JVNDB-2022-004429", }, { db: "CNNVD", id: "CNNVD-202212-4129", }, { db: "NVD", id: "CVE-2022-48196", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-30T00:00:00", db: "VULMON", id: "CVE-2022-48196", }, { date: "2023-04-11T00:00:00", db: "JVNDB", id: "JVNDB-2022-004429", }, { date: "2022-12-30T00:00:00", db: "CNNVD", id: "CNNVD-202212-4129", }, { date: "2022-12-30T08:15:07.900000", db: "NVD", id: "CVE-2022-48196", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-30T00:00:00", db: "VULMON", id: "CVE-2022-48196", }, { date: "2023-04-11T07:53:00", db: "JVNDB", id: "JVNDB-2022-004429", }, { date: "2023-01-11T00:00:00", db: "CNNVD", id: "CNNVD-202212-4129", }, { date: "2023-01-10T14:57:15.340000", db: "NVD", id: "CVE-2022-48196", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202212-4129", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR device Classic buffer overflow vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2022-004429", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202212-4129", }, ], trust: 0.6, }, }
var-202112-2228
Vulnerability from variot
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102. RAX35 , RAX38 , RAX40 There is a vulnerability related to information leakage.Information may be obtained. This affects RAX35 prior to 1.0.4.102, RAX38 prior to 1.0.4.102, and RAX40 prior to 1.0.4.102
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2228", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.102", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.102", }, { model: "rax38", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.102", }, { model: "rax38", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax35", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016877", }, { db: "NVD", id: "CVE-2021-45493", }, ], }, cve: "CVE-2021-45493", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2021-45493", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2021-45493", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "cve@mitre.org", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2021-45493", impactScore: 4.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-45493", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-45493", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2021-45493", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2021-45493", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-202112-2280", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-45493", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-45493", }, { db: "JVNDB", id: "JVNDB-2021-016877", }, { db: "CNNVD", id: "CNNVD-202112-2280", }, { db: "NVD", id: "CVE-2021-45493", }, { db: "NVD", id: "CVE-2021-45493", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102. RAX35 , RAX38 , RAX40 There is a vulnerability related to information leakage.Information may be obtained. This affects RAX35 prior to 1.0.4.102, RAX38 prior to 1.0.4.102, and RAX40 prior to 1.0.4.102", sources: [ { db: "NVD", id: "CVE-2021-45493", }, { db: "JVNDB", id: "JVNDB-2021-016877", }, { db: "VULMON", id: "CVE-2021-45493", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-45493", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-016877", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202112-2280", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-45493", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-45493", }, { db: "JVNDB", id: "JVNDB-2021-016877", }, { db: "CNNVD", id: "CNNVD-202112-2280", }, { db: "NVD", id: "CVE-2021-45493", }, ], }, id: "VAR-202112-2228", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.22761605666666665, }, last_update_date: "2024-11-23T22:10:56.905000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Admin Credential Disclosure on Some Routers, PSV-2019-0293", trust: 0.8, url: "https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293", }, { title: "Netgear NETGEAR Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177046", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016877", }, { db: "CNNVD", id: "CNNVD-202112-2280", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-200", trust: 1, }, { problemtype: "information leak (CWE-200) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016877", }, { db: "NVD", id: "CVE-2021-45493", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000064453/security-advisory-for-admin-credential-disclosure-on-some-routers-psv-2019-0293", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-45493", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/200.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-45493", }, { db: "JVNDB", id: "JVNDB-2021-016877", }, { db: "CNNVD", id: "CNNVD-202112-2280", }, { db: "NVD", id: "CVE-2021-45493", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-45493", }, { db: "JVNDB", id: "JVNDB-2021-016877", }, { db: "CNNVD", id: "CNNVD-202112-2280", }, { db: "NVD", id: "CVE-2021-45493", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-26T00:00:00", db: "VULMON", id: "CVE-2021-45493", }, { date: "2022-12-26T00:00:00", db: "JVNDB", id: "JVNDB-2021-016877", }, { date: "2021-12-25T00:00:00", db: "CNNVD", id: "CNNVD-202112-2280", }, { date: "2021-12-26T01:15:12.537000", db: "NVD", id: "CVE-2021-45493", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-01-04T00:00:00", db: "VULMON", id: "CVE-2021-45493", }, { date: "2022-12-26T02:18:00", db: "JVNDB", id: "JVNDB-2021-016877", }, { date: "2022-01-05T00:00:00", db: "CNNVD", id: "CNNVD-202112-2280", }, { date: "2024-11-21T06:32:20.090000", db: "NVD", id: "CVE-2021-45493", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-2280", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Device information disclosure vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-016877", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202112-2280", }, ], trust: 0.6, }, }
var-202108-1632
Vulnerability from variot
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Service operation interruption (DoS) It may be in a state. This affects RAX35 prior to 1.0.3.94, RAX38 prior to 1.0.3.94, and RAX40 prior to 1.0.3.94
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202108-1632", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rax38", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.94", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.94", }, { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.94", }, { model: "rax40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax38", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax35", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-010408", }, { db: "NVD", id: "CVE-2021-38526", }, ], }, cve: "CVE-2021-38526", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CVE-2021-38526", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2021-38526", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2021-38526", impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2021-38526", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-38526", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2021-38526", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2021-38526", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-202108-1002", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-38526", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-38526", }, { db: "JVNDB", id: "JVNDB-2021-010408", }, { db: "CNNVD", id: "CNNVD-202108-1002", }, { db: "NVD", id: "CVE-2021-38526", }, { db: "NVD", id: "CVE-2021-38526", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Service operation interruption (DoS) It may be in a state. This affects RAX35 prior to 1.0.3.94, RAX38 prior to 1.0.3.94, and RAX40 prior to 1.0.3.94", sources: [ { db: "NVD", id: "CVE-2021-38526", }, { db: "JVNDB", id: "JVNDB-2021-010408", }, { db: "VULMON", id: "CVE-2021-38526", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-38526", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-010408", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202108-1002", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-38526", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-38526", }, { db: "JVNDB", id: "JVNDB-2021-010408", }, { db: "CNNVD", id: "CNNVD-202108-1002", }, { db: "NVD", id: "CVE-2021-38526", }, ], }, id: "VAR-202108-1632", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.22761605666666665, }, last_update_date: "2024-08-14T15:01:20.855000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Buffer Overflow on Some Routers, PSV-2020-0416", trust: 0.8, url: "https://kb.netgear.com/000063782/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0416", }, { title: "Netgear NETGEAR Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159386", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-010408", }, { db: "CNNVD", id: "CNNVD-202108-1002", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1, }, { problemtype: "Classic buffer overflow (CWE-120) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-010408", }, { db: "NVD", id: "CVE-2021-38526", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000063782/security-advisory-for-pre-authentication-buffer-overflow-on-some-routers-psv-2020-0416", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-38526", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/120.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-38526", }, { db: "JVNDB", id: "JVNDB-2021-010408", }, { db: "CNNVD", id: "CNNVD-202108-1002", }, { db: "NVD", id: "CVE-2021-38526", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-38526", }, { db: "JVNDB", id: "JVNDB-2021-010408", }, { db: "CNNVD", id: "CNNVD-202108-1002", }, { db: "NVD", id: "CVE-2021-38526", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-11T00:00:00", db: "VULMON", id: "CVE-2021-38526", }, { date: "2022-06-30T00:00:00", db: "JVNDB", id: "JVNDB-2021-010408", }, { date: "2021-08-10T00:00:00", db: "CNNVD", id: "CNNVD-202108-1002", }, { date: "2021-08-11T00:16:14.140000", db: "NVD", id: "CVE-2021-38526", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-18T00:00:00", db: "VULMON", id: "CVE-2021-38526", }, { date: "2022-06-30T09:05:00", db: "JVNDB", id: "JVNDB-2021-010408", }, { date: "2021-08-19T00:00:00", db: "CNNVD", id: "CNNVD-202108-1002", }, { date: "2021-08-18T20:17:09.940000", db: "NVD", id: "CVE-2021-38526", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202108-1002", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Classic buffer overflow vulnerability in device", sources: [ { db: "JVNDB", id: "JVNDB-2021-010408", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202108-1002", }, ], trust: 0.6, }, }
var-202112-2399
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects LAX20 prior to 1.1.6.28, MK62 prior to 1.1.6.122, MR60 prior to 1.1.6.122, MS60 prior to 1.1.6.122, R6400v2 prior to 1.0.4.118, R6700v3 prior to 1.0.4.118, R6900P prior to 1.3.3.140, R7000 prior to 1.0.11.116, R7000P prior to 1.3.3.140, R7850 prior to 1.0.5.68, R7900 prior to 1.0.4.38, R7900P prior to 1.4.2.84, R7960P prior to 1.4.2.84, R8000 prior to 1.0.4.68, R8000P prior to 1.4.2.84, RAX15 prior to 1.0.3.96, RAX20 prior to 1.0.3.96, RAX200 prior to 1.0.4.120, RAX35v2 prior to 1.0.3.96, RAX40v2 prior to 1.0.3.96, RAX43 prior to 1.0.3.96, RAX45 prior to 1.0.3.96, RAX50 prior to 1.0.3.96, RAX75 prior to 1.0.4.120, RAX80 prior to 1.0.4.120, RS400 prior to 1.5.1.80, and XR1000 prior to 1.0.0.58
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2399", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "xr1000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "r7900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.38", }, { model: "rax50", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.96", }, { model: "lax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.28", }, { model: "mr60", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.122", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.68", }, { model: "r8000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.2.84", }, { model: "rax15", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.96", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.96", }, { model: "rax45", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.96", }, { model: "r7900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.2.84", }, { model: "r6900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.140", }, { model: "rax200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.120", }, { model: "rax43", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.96", }, { model: "ms60", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.122", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.11.116", }, { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.96", }, { model: "r7960p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.2.84", }, { model: "rax80", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.120", }, { model: "rs400", scope: "lt", trust: 1, vendor: "netgear", version: "1.5.1.80", }, { model: "rax75", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.120", }, { model: "r7000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.140", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.118", }, { model: "rax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.96", }, { model: "mk62", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.122", }, { model: "r7850", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.68", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.118", }, { model: "r6900p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "mr60", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lax20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "mk62", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7850", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ms60", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017103", }, { db: "NVD", id: "CVE-2021-45549", }, ], }, cve: "CVE-2021-45549", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2021-45549", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.9, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2021-45549", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.7, id: "CVE-2021-45549", impactScore: 6, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-45549", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-45549", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2021-45549", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2021-45549", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202112-2369", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2021-45549", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-45549", }, { db: "JVNDB", id: "JVNDB-2021-017103", }, { db: "CNNVD", id: "CNNVD-202112-2369", }, { db: "NVD", id: "CVE-2021-45549", }, { db: "NVD", id: "CVE-2021-45549", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects LAX20 prior to 1.1.6.28, MK62 prior to 1.1.6.122, MR60 prior to 1.1.6.122, MS60 prior to 1.1.6.122, R6400v2 prior to 1.0.4.118, R6700v3 prior to 1.0.4.118, R6900P prior to 1.3.3.140, R7000 prior to 1.0.11.116, R7000P prior to 1.3.3.140, R7850 prior to 1.0.5.68, R7900 prior to 1.0.4.38, R7900P prior to 1.4.2.84, R7960P prior to 1.4.2.84, R8000 prior to 1.0.4.68, R8000P prior to 1.4.2.84, RAX15 prior to 1.0.3.96, RAX20 prior to 1.0.3.96, RAX200 prior to 1.0.4.120, RAX35v2 prior to 1.0.3.96, RAX40v2 prior to 1.0.3.96, RAX43 prior to 1.0.3.96, RAX45 prior to 1.0.3.96, RAX50 prior to 1.0.3.96, RAX75 prior to 1.0.4.120, RAX80 prior to 1.0.4.120, RS400 prior to 1.5.1.80, and XR1000 prior to 1.0.0.58", sources: [ { db: "NVD", id: "CVE-2021-45549", }, { db: "JVNDB", id: "JVNDB-2021-017103", }, { db: "VULMON", id: "CVE-2021-45549", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-45549", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-017103", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202112-2369", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-45549", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-45549", }, { db: "JVNDB", id: "JVNDB-2021-017103", }, { db: "CNNVD", id: "CNNVD-202112-2369", }, { db: "NVD", id: "CVE-2021-45549", }, ], }, id: "VAR-202112-2399", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.3064084333333333, }, last_update_date: "2024-11-23T22:25:01.475000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Command Injection on Some Routers, Extenders, and WiFi Systems, PSV-2020-0517", trust: 0.8, url: "https://kb.netgear.com/000064513/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0517", }, { title: "Netgear NETGEAR Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176380", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017103", }, { db: "CNNVD", id: "CNNVD-202112-2369", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017103", }, { db: "NVD", id: "CVE-2021-45549", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000064513/security-advisory-for-post-authentication-command-injection-on-some-routers-extenders-and-wifi-systems-psv-2020-0517", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-45549", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-45549", }, { db: "JVNDB", id: "JVNDB-2021-017103", }, { db: "CNNVD", id: "CNNVD-202112-2369", }, { db: "NVD", id: "CVE-2021-45549", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-45549", }, { db: "JVNDB", id: "JVNDB-2021-017103", }, { db: "CNNVD", id: "CNNVD-202112-2369", }, { db: "NVD", id: "CVE-2021-45549", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-26T00:00:00", db: "VULMON", id: "CVE-2021-45549", }, { date: "2023-01-04T00:00:00", db: "JVNDB", id: "JVNDB-2021-017103", }, { date: "2021-12-26T00:00:00", db: "CNNVD", id: "CNNVD-202112-2369", }, { date: "2021-12-26T01:15:15.320000", db: "NVD", id: "CVE-2021-45549", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-01-05T00:00:00", db: "VULMON", id: "CVE-2021-45549", }, { date: "2023-01-04T06:51:00", db: "JVNDB", id: "JVNDB-2021-017103", }, { date: "2022-01-06T00:00:00", db: "CNNVD", id: "CNNVD-202112-2369", }, { date: "2024-11-21T06:32:29.353000", db: "NVD", id: "CVE-2021-45549", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202112-2369", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Command injection vulnerability in device", sources: [ { db: "JVNDB", id: "JVNDB-2021-017103", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202112-2369", }, ], trust: 0.6, }, }
var-202112-2345
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58. plural NETGEAR The device contains a vulnerability related to out-of-bounds writes.Service operation interruption (DoS) It may be in a state. This affects CBR750 prior to 3.2.18.2, D6220 prior to 1.0.0.68, D6400 prior to 1.0.0.102, D8500 prior to 1.0.3.60, LAX20 prior to 1.1.6.28, MK62 prior to 1.0.6.116, MR60 prior to 1.0.6.116, MS60 prior to 1.0.6.116, R6300v2 prior to 1.0.4.50, R6400 prior to 1.0.1.68, R6400v2 prior to 1.0.4.118, R6700v3 prior to 1.0.4.118, R6900P prior to 1.3.3.140, R7000 prior to 1.0.11.116, R7000P prior to 1.3.3.140, R7850 prior to 1.0.5.68, R7900 prior to 1.0.4.38, R7900P prior to 1.4.2.84, R7960P prior to 1.4.2.84, R8000 prior to 1.0.4.68, R8000P prior to 1.4.2.84, RAX15 prior to 1.0.3.96, RAX20 prior to 1.0.3.96, RAX200 prior to 1.0.4.120, RAX35v2 prior to 1.0.3.96, RAX40v2 prior to 1.0.3.96, RAX43 prior to 1.0.3.96, RAX45 prior to 1.0.3.96, RAX50 prior to 1.0.3.96, RAX75 prior to 1.0.4.120, RAX80 prior to 1.0.4.120, RBK752 prior to 3.2.17.12, RBK852 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, RBS750 prior to 3.2.17.12, RBS850 prior to 3.2.17.12, RS400 prior to 1.5.1.80, and XR1000 prior to 1.0.0.58
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2345", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rbr750", scope: "lt", trust: 1, vendor: "netgear", version: "3.2.17.12", }, { model: "mr60", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.116", }, { model: "ms60", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.116", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.68", }, { model: "r8000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.2.84", }, { model: "rax15", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.96", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.96", }, { model: "rax45", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.96", }, { model: "rbk752", scope: "lt", trust: 1, vendor: "netgear", version: "3.2.17.12", }, { model: "r7900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.2.84", }, { model: "rax43", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.96", }, { model: "cbr750", scope: "lt", trust: 1, vendor: "netgear", version: "3.2.18.2", }, { model: "rbr850", scope: "lt", trust: 1, vendor: "netgear", version: "3.2.17.12", }, { model: "d6220", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "rax80", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.120", }, { model: "rs400", scope: "lt", trust: 1, vendor: "netgear", version: "1.5.1.80", }, { model: "r7000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.140", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.118", }, { model: "rbs750", scope: "lt", trust: 1, vendor: "netgear", version: "3.2.17.12", }, { model: "d6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.102", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.118", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.68", }, { model: "xr1000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "rbs850", scope: "lt", trust: 1, vendor: "netgear", version: "3.2.17.12", }, { model: "r7900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.38", }, { model: "rax50", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.96", }, { model: "lax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.28", }, { model: "r6300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.50", }, { model: "r6900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.140", }, { model: "rax200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.120", }, { model: "rbk852", scope: "lt", trust: 1, vendor: "netgear", version: "3.2.17.12", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.11.116", }, { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.96", }, { model: "r7960p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.2.84", }, { model: "rax75", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.120", }, { model: "mk62", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.116", }, { model: "d8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.60", }, { model: "rax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.96", }, { model: "r7850", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.68", }, { model: "mr60", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6300", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d8500", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d6220", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lax20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "cbr750", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "mk62", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ms60", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "d6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017178", }, { db: "NVD", id: "CVE-2021-45604", }, ], }, cve: "CVE-2021-45604", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 2.7, confidentialityImpact: "NONE", exploitabilityScore: 5.1, id: "CVE-2021-45604", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 1.9, vectorString: "AV:A/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 0.9, id: "CVE-2021-45604", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "OTHER", availabilityImpact: "High", baseScore: 4.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2021-017178", impactScore: null, integrityImpact: "None", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-45604", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2021-45604", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2021-45604", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202112-2400", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2021-45604", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-45604", }, { db: "JVNDB", id: "JVNDB-2021-017178", }, { db: "CNNVD", id: "CNNVD-202112-2400", }, { db: "NVD", id: "CVE-2021-45604", }, { db: "NVD", id: "CVE-2021-45604", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58. plural NETGEAR The device contains a vulnerability related to out-of-bounds writes.Service operation interruption (DoS) It may be in a state. This affects CBR750 prior to 3.2.18.2, D6220 prior to 1.0.0.68, D6400 prior to 1.0.0.102, D8500 prior to 1.0.3.60, LAX20 prior to 1.1.6.28, MK62 prior to 1.0.6.116, MR60 prior to 1.0.6.116, MS60 prior to 1.0.6.116, R6300v2 prior to 1.0.4.50, R6400 prior to 1.0.1.68, R6400v2 prior to 1.0.4.118, R6700v3 prior to 1.0.4.118, R6900P prior to 1.3.3.140, R7000 prior to 1.0.11.116, R7000P prior to 1.3.3.140, R7850 prior to 1.0.5.68, R7900 prior to 1.0.4.38, R7900P prior to 1.4.2.84, R7960P prior to 1.4.2.84, R8000 prior to 1.0.4.68, R8000P prior to 1.4.2.84, RAX15 prior to 1.0.3.96, RAX20 prior to 1.0.3.96, RAX200 prior to 1.0.4.120, RAX35v2 prior to 1.0.3.96, RAX40v2 prior to 1.0.3.96, RAX43 prior to 1.0.3.96, RAX45 prior to 1.0.3.96, RAX50 prior to 1.0.3.96, RAX75 prior to 1.0.4.120, RAX80 prior to 1.0.4.120, RBK752 prior to 3.2.17.12, RBK852 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, RBS750 prior to 3.2.17.12, RBS850 prior to 3.2.17.12, RS400 prior to 1.5.1.80, and XR1000 prior to 1.0.0.58", sources: [ { db: "NVD", id: "CVE-2021-45604", }, { db: "JVNDB", id: "JVNDB-2021-017178", }, { db: "VULMON", id: "CVE-2021-45604", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-45604", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-017178", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202112-2400", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-45604", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-45604", }, { db: "JVNDB", id: "JVNDB-2021-017178", }, { db: "CNNVD", id: "CNNVD-202112-2400", }, { db: "NVD", id: "CVE-2021-45604", }, ], }, id: "VAR-202112-2345", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.3122930857894737, }, last_update_date: "2024-11-23T22:54:44.868000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and WiFi Systems, PSV-2020-0572", trust: 0.8, url: "https://kb.netgear.com/000064526/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0572", }, { title: "Netgear RBR750 and NETGEAR Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177121", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017178", }, { db: "CNNVD", id: "CNNVD-202112-2400", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-017178", }, { db: "NVD", id: "CVE-2021-45604", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000064526/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-wifi-systems-psv-2020-0572", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-45604", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-45604", }, { db: "JVNDB", id: "JVNDB-2021-017178", }, { db: "CNNVD", id: "CNNVD-202112-2400", }, { db: "NVD", id: "CVE-2021-45604", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-45604", }, { db: "JVNDB", id: "JVNDB-2021-017178", }, { db: "CNNVD", id: "CNNVD-202112-2400", }, { db: "NVD", id: "CVE-2021-45604", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-26T00:00:00", db: "VULMON", id: "CVE-2021-45604", }, { date: "2023-01-06T00:00:00", db: "JVNDB", id: "JVNDB-2021-017178", }, { date: "2021-12-26T00:00:00", db: "CNNVD", id: "CNNVD-202112-2400", }, { date: "2021-12-26T01:15:17.900000", db: "NVD", id: "CVE-2021-45604", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-01-06T00:00:00", db: "VULMON", id: "CVE-2021-45604", }, { date: "2023-01-06T06:15:00", db: "JVNDB", id: "JVNDB-2021-017178", }, { date: "2022-01-10T00:00:00", db: "CNNVD", id: "CNNVD-202112-2400", }, { date: "2024-11-21T06:32:38.723000", db: "NVD", id: "CVE-2021-45604", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202112-2400", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2021-017178", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202112-2400", }, ], trust: 0.6, }, }
var-202203-1669
Vulnerability from variot
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762. LAX20 firmware, R6400 firmware, R6700 Multiple NETGEAR products, such as firmware, have vulnerabilities related to lack of authentication for important functions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The issue results from incorrect string matching logic when accessing protected pages
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1669", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "lax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.34", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.126", }, { model: "rax42", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.126", }, { model: "rax50s", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax48", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r7960p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "r8000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "rax75", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r7850", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.84", }, { model: "r8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "rax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax38", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.11.134", }, { model: "r7900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "rax43", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.84", }, { model: "rax50", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax15", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax45", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax48", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8500", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax35", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax38", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax200", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7900p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax45", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax43", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7960p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax42", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax15", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7850", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lax20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700v3", scope: null, trust: 0.7, vendor: "netgear", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-22-522", }, { db: "JVNDB", id: "JVNDB-2022-022071", }, { db: "NVD", id: "CVE-2022-27645", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Xin'an Zhou, Xiaochen Zou, Zhiyun Qian (from the team NullRiver)", sources: [ { db: "ZDI", id: "ZDI-22-522", }, ], trust: 0.7, }, cve: "CVE-2022-27645", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2022-27645", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2022-27645", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2022-27645", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "zdi-disclosures@trendmicro.com", id: "CVE-2022-27645", trust: 1, value: "HIGH", }, { author: "nvd@nist.gov", id: "CVE-2022-27645", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2022-27645", trust: 0.8, value: "High", }, { author: "ZDI", id: "CVE-2022-27645", trust: 0.7, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202203-2062", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-22-522", }, { db: "JVNDB", id: "JVNDB-2022-022071", }, { db: "CNNVD", id: "CNNVD-202203-2062", }, { db: "NVD", id: "CVE-2022-27645", }, { db: "NVD", id: "CVE-2022-27645", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762. LAX20 firmware, R6400 firmware, R6700 Multiple NETGEAR products, such as firmware, have vulnerabilities related to lack of authentication for important functions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The issue results from incorrect string matching logic when accessing protected pages", sources: [ { db: "NVD", id: "CVE-2022-27645", }, { db: "JVNDB", id: "JVNDB-2022-022071", }, { db: "ZDI", id: "ZDI-22-522", }, { db: "VULMON", id: "CVE-2022-27645", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-27645", trust: 4, }, { db: "ZDI", id: "ZDI-22-522", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2022-022071", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-15762", trust: 0.7, }, { db: "CS-HELP", id: "SB2022032410", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202203-2062", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-27645", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-22-522", }, { db: "VULMON", id: "CVE-2022-27645", }, { db: "JVNDB", id: "JVNDB-2022-022071", }, { db: "CNNVD", id: "CNNVD-202203-2062", }, { db: "NVD", id: "CVE-2022-27645", }, ], }, id: "VAR-202203-1669", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.3529194792857143, }, last_update_date: "2024-08-14T13:42:56.044000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "NETGEAR has issued an update to correct this vulnerability.", trust: 0.7, url: "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325", }, { title: "NETGEAR R6700v3 Fixes for access control error vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=235321", }, ], sources: [ { db: "ZDI", id: "ZDI-22-522", }, { db: "CNNVD", id: "CNNVD-202203-2062", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-697", trust: 1, }, { problemtype: "CWE-306", trust: 1, }, { problemtype: "Lack of authentication for critical features (CWE-306) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-022071", }, { db: "NVD", id: "CVE-2022-27645", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.2, url: "https://kb.netgear.com/000064722/security-advisory-for-sensitive-information-disclosure-on-some-routers-and-fixed-wireless-products-psv-2021-0325", }, { trust: 3.2, url: "https://www.zerodayinitiative.com/advisories/zdi-22-522/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-27645", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-27645/", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022032410", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/863.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-22-522", }, { db: "VULMON", id: "CVE-2022-27645", }, { db: "JVNDB", id: "JVNDB-2022-022071", }, { db: "CNNVD", id: "CNNVD-202203-2062", }, { db: "NVD", id: "CVE-2022-27645", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-22-522", }, { db: "VULMON", id: "CVE-2022-27645", }, { db: "JVNDB", id: "JVNDB-2022-022071", }, { db: "CNNVD", id: "CNNVD-202203-2062", }, { db: "NVD", id: "CVE-2022-27645", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-23T00:00:00", db: "ZDI", id: "ZDI-22-522", }, { date: "2023-03-29T00:00:00", db: "VULMON", id: "CVE-2022-27645", }, { date: "2023-11-15T00:00:00", db: "JVNDB", id: "JVNDB-2022-022071", }, { date: "2022-03-23T00:00:00", db: "CNNVD", id: "CNNVD-202203-2062", }, { date: "2023-03-29T19:15:08.637000", db: "NVD", id: "CVE-2022-27645", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-23T00:00:00", db: "ZDI", id: "ZDI-22-522", }, { date: "2023-03-30T00:00:00", db: "VULMON", id: "CVE-2022-27645", }, { date: "2023-11-15T03:22:00", db: "JVNDB", id: "JVNDB-2022-022071", }, { date: "2023-05-04T00:00:00", db: "CNNVD", id: "CNNVD-202203-2062", }, { date: "2023-04-28T21:15:08.350000", db: "NVD", id: "CVE-2022-27645", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202203-2062", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Vulnerability related to lack of authentication for important functions in multiple NETGEAR products", sources: [ { db: "JVNDB", id: "JVNDB-2022-022071", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "access control error", sources: [ { db: "CNNVD", id: "CNNVD-202203-2062", }, ], trust: 0.6, }, }
cve-2021-41449
Vulnerability from cvelistv5
Published
2021-12-09 13:05
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://netgear.com | x_refsource_MISC | |
| https://www.netgear.com/about/security/ | x_refsource_MISC | |
| http://rax40.com | x_refsource_MISC | |
| https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Routers-PSV-2021-0268 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:15:28.411Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://netgear.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.netgear.com/about/security/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://rax40.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Routers-PSV-2021-0268", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-09T13:05:13", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://netgear.com", }, { tags: [ "x_refsource_MISC", ], url: "https://www.netgear.com/about/security/", }, { tags: [ "x_refsource_MISC", ], url: "http://rax40.com", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Routers-PSV-2021-0268", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-41449", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://netgear.com", refsource: "MISC", url: "http://netgear.com", }, { name: "https://www.netgear.com/about/security/", refsource: "MISC", url: "https://www.netgear.com/about/security/", }, { name: "http://rax40.com", refsource: "MISC", url: "http://rax40.com", }, { name: "https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Routers-PSV-2021-0268", refsource: "MISC", url: "https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Routers-PSV-2021-0268", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41449", datePublished: "2021-12-09T13:05:13", dateReserved: "2021-09-20T00:00:00", dateUpdated: "2024-08-04T03:15:28.411Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38526
Vulnerability from cvelistv5
Published
2021-08-11 00:01
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:44:23.517Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000063782/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0416", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:L/C:N/I:N/PR:N/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-11T00:01:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000063782/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0416", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-38526", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:L/C:N/I:N/PR:N/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000063782/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0416", refsource: "MISC", url: "https://kb.netgear.com/000063782/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0416", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-38526", datePublished: "2021-08-11T00:01:17", dateReserved: "2021-08-10T00:00:00", dateUpdated: "2024-08-04T01:44:23.517Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38536
Vulnerability from cvelistv5
Published
2021-08-10 23:59
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:44:22.933Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000063774/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0193", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:R", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-10T23:59:11", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000063774/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0193", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-38536", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:R", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000063774/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0193", refsource: "MISC", url: "https://kb.netgear.com/000063774/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0193", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-38536", datePublished: "2021-08-10T23:59:11", dateReserved: "2021-08-10T00:00:00", dateUpdated: "2024-08-04T01:44:22.933Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-45604
Vulnerability from cvelistv5
Published
2021-12-26 00:38
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:47:01.868Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000064526/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0572", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:H/C:N/I:N/PR:H/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-26T00:38:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000064526/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0572", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45604", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:H/C:N/I:N/PR:H/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000064526/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0572", refsource: "MISC", url: "https://kb.netgear.com/000064526/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0572", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45604", datePublished: "2021-12-26T00:38:12", dateReserved: "2021-12-25T00:00:00", dateUpdated: "2024-08-04T04:47:01.868Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27645
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-18 17:47
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.899Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-522/", }, { tags: [ "x_transferred", ], url: "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-27645", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-18T17:47:46.916392Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T17:47:52.653Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "R6700v3", vendor: "NETGEAR", versions: [ { status: "affected", version: "1.0.4.120_10.0.91", }, ], }, ], credits: [ { lang: "en", value: "Xin'an Zhou, Xiaochen Zou, Zhiyun Qian (from the team NullRiver)", }, ], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-306", description: "CWE-306: Missing Authentication for Critical Function", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-28T00:00:00.000Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { url: "https://www.zerodayinitiative.com/advisories/ZDI-22-522/", }, { url: "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325", }, ], }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2022-27645", datePublished: "2023-03-29T00:00:00.000Z", dateReserved: "2022-03-22T00:00:00.000Z", dateUpdated: "2025-02-18T17:47:52.653Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27642
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-18 17:49
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.905Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-518/", }, { tags: [ "x_transferred", ], url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-27642", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-18T17:49:46.824954Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T17:49:51.215Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "R6700v3", vendor: "NETGEAR", versions: [ { status: "affected", version: "1.0.4.120_10.0.91", }, ], }, ], credits: [ { lang: "en", value: "Bugscale team", }, ], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863: Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-29T00:00:00.000Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { url: "https://www.zerodayinitiative.com/advisories/ZDI-22-518/", }, { url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, ], }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2022-27642", datePublished: "2023-03-29T00:00:00.000Z", dateReserved: "2022-03-22T00:00:00.000Z", dateUpdated: "2025-02-18T17:49:51.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-45549
Vulnerability from cvelistv5
Published
2021-12-26 00:52
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:47:00.264Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000064513/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0517", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-26T00:52:27", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000064513/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0517", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45549", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000064513/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0517", refsource: "MISC", url: "https://kb.netgear.com/000064513/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0517", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45549", datePublished: "2021-12-26T00:52:27", dateReserved: "2021-12-25T00:00:00", dateUpdated: "2024-08-04T04:47:00.264Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27358
Vulnerability from cvelistv5
Published
2024-05-03 01:56
Modified
2024-08-02 12:09
Severity ?
EPSS score ?
Summary
NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of specific SOAP requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-19754.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-502/ | x_research-advisory | |
| https://kb.netgear.com/000065617/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2022-0349 | vendor-advisory |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:netgear:rax30_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "rax30_firmware", vendor: "netgear", versions: [ { lessThan: "1.0.10.94", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:netgear:rax35_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "rax35_firmware", vendor: "netgear", versions: [ { lessThan: "1.0.10.94", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:netgear:rax38_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "rax38_firmware", vendor: "netgear", versions: [ { lessThan: "1.0.10.94", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:netgear:rax40_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "rax40_firmware", vendor: "netgear", versions: [ { lessThan: "1.0.10.94", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:netgear:raxe300_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "raxe300_firmware", vendor: "netgear", versions: [ { lessThan: "1.0.10.94", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-27358", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-06T15:39:54.731083Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T15:50:11.494Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T12:09:43.431Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ZDI-23-502", tags: [ "x_research-advisory", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-502/", }, { name: "vendor-provided URL", tags: [ "vendor-advisory", "x_transferred", ], url: "https://kb.netgear.com/000065617/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2022-0349", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "RAX30", vendor: "NETGEAR", versions: [ { status: "affected", version: "1.0.9.90_3", }, ], }, ], dateAssigned: "2023-02-28T12:05:54.080-06:00", datePublic: "2023-05-01T16:31:16.216-05:00", descriptions: [ { lang: "en", value: "NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of specific SOAP requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-19754.", }, ], metrics: [ { cvssV3_0: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T01:56:10.655Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { name: "ZDI-23-502", tags: [ "x_research-advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-502/", }, { name: "vendor-provided URL", tags: [ "vendor-advisory", ], url: "https://kb.netgear.com/000065617/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2022-0349", }, ], source: { lang: "en", value: "Interrupt Labs", }, title: "NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2023-27358", datePublished: "2024-05-03T01:56:10.655Z", dateReserved: "2023-02-28T17:58:45.482Z", dateUpdated: "2024-08-02T12:09:43.431Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-48196
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 15:10
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:10:59.263Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-recently-fixed-wifi-router-bug/", }, { tags: [ "x_transferred", ], url: "https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:H/C:N/I:N/PR:N/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-30T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-recently-fixed-wifi-router-bug/", }, { url: "https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-48196", datePublished: "2022-12-30T00:00:00", dateReserved: "2022-12-30T00:00:00", dateUpdated: "2024-08-03T15:10:59.263Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27647
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-18 17:41
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.969Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-524/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-27647", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-18T17:40:25.890386Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T17:41:07.125Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "R6700v3", vendor: "NETGEAR", versions: [ { status: "affected", version: "1.0.4.120_10.0.91", }, ], }, ], credits: [ { lang: "en", value: "Bugscale team", }, ], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-29T00:00:00.000Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, { url: "https://www.zerodayinitiative.com/advisories/ZDI-22-524/", }, ], }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2022-27647", datePublished: "2023-03-29T00:00:00.000Z", dateReserved: "2022-03-22T00:00:00.000Z", dateUpdated: "2025-02-18T17:41:07.125Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35800
Vulnerability from cvelistv5
Published
2020-12-29 23:29
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:09:15.177Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000062733/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0112", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 9.4, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:H/PR:N/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-12-29T23:29:39", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000062733/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0112", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-35800", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:H/PR:N/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000062733/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0112", refsource: "MISC", url: "https://kb.netgear.com/000062733/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0112", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-35800", datePublished: "2020-12-29T23:29:39", dateReserved: "2020-12-29T00:00:00", dateUpdated: "2024-08-04T17:09:15.177Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-45493
Vulnerability from cvelistv5
Published
2021-12-26 01:04
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:39:21.278Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:L/PR:N/S:U/UI:R", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-26T01:04:53", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45493", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:L/PR:N/S:U/UI:R", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293", refsource: "MISC", url: "https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45493", datePublished: "2021-12-26T01:04:53", dateReserved: "2021-12-25T00:00:00", dateUpdated: "2024-08-04T04:39:21.278Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38535
Vulnerability from cvelistv5
Published
2021-08-10 23:59
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:44:23.440Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000063773/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0192", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:R", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-10T23:59:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000063773/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0192", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-38535", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:R", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000063773/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0192", refsource: "MISC", url: "https://kb.netgear.com/000063773/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0192", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-38535", datePublished: "2021-08-10T23:59:23", dateReserved: "2021-08-10T00:00:00", dateUpdated: "2024-08-04T01:44:23.440Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }