CVE-2021-45557

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TUP before 1.0.5.3, GS710TUP before 1.0.5.3, GS308T before 1.0.3.2,...

CVE-2021-41314

Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create or overwrite a file with specific content e.g., the "2" string. This leads to admin session crafting and...

CVE-2021-40867

Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in e.g., behind the same NAT device, or already in possession of a foothold on an admin'...

Race condition

Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in e.g., behind the same NAT device, or already in possession of a foothold on an admin'...

NETGEAR 安全漏洞

GC108P and other smart switch products from Netgear, U.S.A. Several of Netgear's smart switches are vulnerable to an input validation error, which stems from a failure of the daemon to check for validation when an authentication TLV is missing from an incoming NSDP packet. An unauthenticated...

PT-2021-22993 · NetGear · Netgear Gc108P +15

Name of the Vulnerable Software and Affected Versions: NETGEAR GC108P versions prior to 1.0.8.2 NETGEAR GC108PP versions prior to 1.0.8.2 NETGEAR GS108Tv3 versions prior to 7.0.7.2 NETGEAR GS110TPP versions prior to 7.0.7.2 NETGEAR GS110TPv3 versions prior to 7.0.7.2 NETGEAR GS110TUP versions pri...

PT-2021-5337 · NetGear · Gs752Tpp +16

Name of the Vulnerable Software and Affected Versions: NETGEAR GC108P versions prior to 1.0.8.2 NETGEAR GC108PP versions prior to 1.0.8.2 NETGEAR GS108Tv3 versions prior to 7.0.7.2 NETGEAR GS110TPP versions prior to 7.0.7.2 NETGEAR GS110TPv3 versions prior to 7.0.7.2 NETGEAR GS110TUP versions pri...

Command injection

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTPUSERAGENT;' with an OS command in the User-Agent field. This affects GC108P before...

CVE-2021-33514

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTPUSERAGENT;' with an OS command in the User-Agent field. This affects GC108P before...