4 matches found
CVE-2025-65821
As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...
CVE-2025-65821
The CVE-2025-65821 entry concerns the ESP32 chip where UART download mode remains enabled. The vulnerability affects the UART download mechanism that can be exploited to dump the device flash, exposing sensitive data stored in the NVS partition (e.g., current and prior Wi‑Fi network details) and ...
Netgear Unauthenticated SOAP Password Extractor
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear Unauthenticated SOAP Password Extractor', 'Description' = %q This module exploits an authentication bypass vulnerability in different...
CVE-2020-11550
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 V2.5.1.106, Outdoor Satellite RBS50Y V2.5.1.106, and Pro Tri-Band Business WiFi Router SRR60 AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitra...