R7000 Firmware Security Vulnerabilities

CVE-2021-38514

Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6100 before 1.0.0.63, D6200 before 1.1.00.34, D6220 before 1.0.0.48, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.52, D7800 before 1.0.1.56, D8500 before....

CVE-2021-38519

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6250 before 1.0.4.36, R6300v2 before 1.0.4.36, R6400 before 1.0.1.50, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R6700 before 1.0.2.8, R6900 before 1.0.2.8, R7000 before 1.0.9.88, R6900P before....

CVE-2021-31802

NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length...

CVE-2021-29068

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400...

CVE-2021-29080

Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR854 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, R7000 before 1.0.11.116, R6900P before 1.3.2.126,.....

CVE-2020-35798

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26,...

CVE-2020-35800

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2...

CVE-2020-35796

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, EAX20 before 1.0.0.36,...

CVE-2020-35787

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000...

CVE-2020-35795

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX7500...

CVE-2017-18864

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R6900P before 1.0.0.56, R7100LG before 1.0.0.32, R7300.....

CVE-2017-18853

Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and earlier, R6400v2 1.0.2.18 and earlier, R6700 1.0.1.22 and earlier, R6900 1.0.1.20 and earlier, R7000.....

CVE-2018-21225

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6700 before 1.0.1.30, R6700v2 before 1.2.0.16, R6800 before 1.2.0.16, R6900 before 1.0.1.30, R6900P before 1.2.0.22, R6900v2 before....

CVE-2016-11059

Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06,.....

CVE-2018-21157

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R7500v2 before 1.0.3.24, R7800 before 1.0.2.38, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and...

CVE-2018-21156

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.38, D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGN2200Bv4 before 1.0.0.102, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70,...

CVE-2018-21093

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.42, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150 before...

CVE-2017-18700

Certain NETGEAR devices are affected by stored XSS. This affects D6400 before 1.0.0.60, D7000 before 1.0.1.50, D8500 before 1.0.3.29, EX6200 before 1.0.3.84, EX7000 before 1.0.0.60, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before...

CVE-2018-21227

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R6400v2 before 1.0.2.34, R6700 before 1.0.1.30, R6900 before 1.0.1.30, R6900P before 1.0.0.62, R7000 before 1.0.9.12, R7000P before 1.0.0.62, R7500v2 before 1.0.3.26, R7800...

CVE-2018-21231

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before....

CVE-2017-18704

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900...

CVE-2018-21230

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before....

CVE-2017-18711

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7500v2 before....

CVE-2018-21139

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.58, D6200 before 1.1.00.30, D6220 before 1.0.0.46, D6400 before 1.0.0.82, D7000 before 1.0.1.68, D7000v2 before 1.0.0.51, D7800 before 1.0.1.42,....

CVE-2018-21162

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6400 before 1.0.0.78, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.8, R6300v2 before 1.0.4.6, R6400 before 1.0.1.12, R6700 before 1.0.1.16, R7000 before 1.0.7.10, R7100LG...

CVE-2018-21134

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6700 before 1.0.1.48, R7900 before 1.0.2.16, R6900 before 1.0.1.48, R7000P before 1.3.1.44, R6900P before 1.3.1.44, R6250 before 1.0.4.30, R6300v2 before 1.0.4.32, R6400 before...

CVE-2017-18738

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before...

CVE-2017-18741

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.0.1.20, R7000 before 1.0.7.10, R7000P before 1.0.0.58, R6900P before 1.0.0.58, R7100LG before 1.0.0.32, R7900 before 1.0.1.14, R8000...

CVE-2017-18744

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before...

CVE-2017-18745

Certain NETGEAR devices are affected by stored XSS. This affects R6400 before 1.0.1.14, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before...

CVE-2017-18743

Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300...

CVE-2017-18752

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST.....

CVE-2017-18756

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.66, D8500 before 1.0.3.35, DGN2200Bv4 before 1.0.0.94, DGN2200v4 before 1.0.0.94, R6250 before 1.0.4.14, R6300v2 before 1.0.4.18, R6400 before 1.01.32,...

CVE-2017-18762

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40,...

CVE-2017-18767

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6400 before 1.0.1.14, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300 before...

CVE-2017-18772

Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900...

CVE-2017-18777

Certain NETGEAR devices are affected by administrative password disclosure. This affects D6220 before V1.0.0.28, D6400 before V1.0.0.60, D8500 before V1.0.3.29, DGN2200v4 before 1.0.0.82, DGN2200Bv4 before 1.0.0.82, R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before....

CVE-2017-18785

Certain NETGEAR devices are affected by XSS. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35,...

CVE-2017-18769

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX6200v2 before 1.0.1.50,...

CVE-2017-18788

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before...

CVE-2017-18794

Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, R8500 before 1.0.2.100, and D6100 before...

CVE-2017-18796

Certain NETGEAR devices are affected by command injection. This affects R6400 before 1.0.1.24, R6700 before 1.0.1.26, R6900 before 1.0.1.28, R7000 before 1.0.9.10, R7000P before 1.0.1.16, R6900P before 1.0.1.16, and R7800 before...

CVE-2017-18790

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before...

CVE-2017-18799

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6200v2 before 1.0.3.14, R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.1.1.20, R7000 before 1.0.7.10, R7000P/R6900P before 1.0.0.56, R7100LG before 1.0.0.30, R7900 before 1.0.1.14,...

CVE-2017-18849

Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before...

CVE-2017-18850

Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before.....

CVE-2019-20754

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects DGN2200 before 1.0.0.58, DGN2200B before 1.0.0.58, D8500 before 1.0.3.42, D7000v2 before 1.0.0.51, D6400 before 1.0.0.80, D6220 before 1.0.0.44, EX7000 before 1.0.0.66, EX6200 before 1.0.3.88, EX6150...

CVE-2019-20758

NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated...

CVE-2019-20753

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects DGN2200v1 before 1.0.0.58, D8500 before 1.0.3.42, D7000v2 before 1.0.0.51, D6400 before 1.0.0.78, D6220 before 1.0.0.44, JNDR3000 before 1.0.0.24, R8000 before 1.0.4.18, R8500 before.....

CVE-2019-20755

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6220 before 1.0.0.46, D6400 before 1.0.0.80, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v1 before 1.0.0.58, DGN2200B before 1.0.0.58, JNDR3000 before 1.0.0.24, RBW30 before...