Rax43 Firmware Security Vulnerabilities and Issues — Rax43 Firmware CVE List

Lucene search

NetgearRax43 Firmware

8 matches found

CVE•added 2021/12/30 10:15 p.m.•145 views

CVE-2021-20166

Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton.

8.8CVSS8.8AI score0.422EPSS

CVE•added 2021/12/30 10:15 p.m.•128 views

CVE-2021-20167

Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.

8CVSS8.1AI score0.8301EPSS

CVE•added 2021/11/15 4:15 p.m.•114 views

CVE-2021-34991

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by de...

8.8CVSS8.9AI score0.00565EPSS

CVE•added 2023/03/29 7:15 p.m.•53 views

CVE-2022-27645

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication...

8.8CVSS8.9AI score0.00165EPSS

CVE•added 2023/03/29 7:15 p.m.•46 views

CVE-2022-27642

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect str...

8.8CVSS7.2AI score0.00037EPSS

CVE•added 2023/03/29 7:15 p.m.•40 views

CVE-2022-27647

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists w...

8CVSS8AI score0.00064EPSS

CVE•added 2021/12/26 1:15 a.m.•38 views

CVE-2021-45549

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P b...

8.4CVSS6.8AI score0.00405EPSS

CVE•added 2021/12/30 10:15 p.m.•35 views

CVE-2021-20170

Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (R...

8.8CVSS8.6AI score0.00165EPSS