CVE-2021-38516
CVE-2021-38516 targets NETGEAR devices where there is a lack of function-level access control. Affected devices include D6220 (before 1.0.0.48), D6400 (before 1.0.0.82), D7000v2 (before 1.0.0.52), D7800 (before 1.0.1.44), D8500 (before 1.0.3.43), and numerous other models (list in public advisori...
CVE-2020-35795
CVE-2020-35795 affects a wide range of NETGEAR devices (e.g., AC2100/AC2400/AC2600, CBK40/CBR40, D7800, EAX series, EX7500, MK62, MR60, MS60, R6120/6220/6230/6260/6330/6350/6400/6400v2/6700/6700v2/v3/6800/6850/6900P/6900/v2/7000/7000P/7200/7350/7400/7450/7800/7850/7900/8900/9000 and R-series/RAX/...
CVE-2020-35796
CVE-2020-35796 affects a broad set of NETGEAR devices (list includes CBR40, D6220, D6400, D7000v2, D8500, DC112A, DGN2200v4, EAX20/80, EX3700–EX7500, R-Series, XR300, etc.) with a pre-auth buffer overflow vulnerability. Root cause: improper handling/bounds checking leads to overflow when processi...
CVE-2020-26897
Affected NETGEAR devices (CBR40 <2.5.0.10; RBK752/RBR750/RBS750 <3.2.15.25; RBK852/RBR850/RBS850
CVE-2020-35798
CVE-2020-35798 covers unauthenticated command injection affecting a wide range of NETGEAR devices. Affected models and firmware versions include R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R785...
CVE-2021-38518
The CVE-2021-38518 entry covers an authenticated-command-injection vulnerability affecting several NETGEAR routers. Specifically, affected devices and fixed/affected versions include RAX200, RAX75, and RAX80 prior to 1.0.4.120, and RBK852, RBR850, and RBS850 prior to 3.2.17.12. The issue arises f...
CVE-2020-35794
CVE-2020-35794 affects several NETGEAR devices (RBS40V < 2.6.1.4; RBK752, RBR750, RBS750, RBK852, RBR850, RBS850
CVE-2021-38527
CVE-2021-38527: Pre-auth command-injection vulnerability affecting a broad range of NETGEAR devices (e.g., CBR40, EX-series extenders/routers, XR series, RBK/RBR/RBS bundles, etc.). Root cause: unauthenticated input reaching a command-execution path; affected firmware versions include CBR40 <2...
CVE-2021-38513
The CVE-2021-38513 entry describes an authentication bypass affecting multiple NETGEAR devices. Affected products and firmware baselines include: RBK852, RBR850, RBS850, CBR40, EAX20, MK62, MR60, MS60, RBK752, RBR750, and RBS750 with the versions specified in the description (e.g., RBK852 before ...
CVE-2020-35800
CVE-2020-35800 affects a wide range of NETGEAR devices (e.g., AC2100/AC2400/AC2600, CBK40/CBR40, D6000/D6220/D6400/D7000v2/D7800/D8500/DC112A, EX-series, R-series, etc.). The root issue is an incorrect security settings configuration across these models, leading to a security misconfiguration. Th...
CVE-2020-26910
CVE-2020-26910 affects specific NETGEAR devices: CBR40 ≤ 2.5.0.10, RBK752 ≤ 3.2.15.25, RBR750 ≤ 3.2.15.25, RBS750 ≤ 3.2.15.25, RBK852 ≤ 3.2.15.25, RBR850 ≤ 3.2.15.25, and RBS850 ≤ 3.2.15.25. The issue is a command injection exploitable by an authenticated user. The connected documents confirm the...
CVE-2020-26901
CVE-2020-26901 affects several NETGEAR Wi‑Fi system devices: RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, all before version 3.2.15.25. The linked records describe a vulnerability involving disclosure of sensitive information. No exploitation details or exact root cause are provided in the...
CVE-2020-26900
CVE-2020-26900 affects multiple NETGEAR devices (CBR40 prior to 2.5.0.10; RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 prior to 3.2.15.25). The issue is disclosure of administrative credentials, enabling partial confidentiality compromise and high integrity impact (per NVD/CNA CVSS data: CVSS 3.1 ba...
CVE-2020-26904
NETGEAR devices (CBR40 < 2.5.0.10; RBK752/RBR750/RBS750 < 3.2.15.25; RBK852/RBR850/RBS850
CVE-2021-27239
The CVE-2021-27239 issue affects NETGEAR R6400 and R6700 routers with firmware 1.0.4.98. The flaw resides in the upnpd service, which listens on UDP port 1900; a crafted MX header in an SSDP message can overflow a fixed-length stack-based buffer, allowing network-adjacent attackers to execute arb...
CVE-2020-35802
CVE-2020-35802 affects NETGEAR devices (CBR40 before 2.5.0.14; RBW30 before 2.6.1.4; RAX75/RAX80 before 1.0.3.102; RBK752/RBR750/RBS750 before 3.2.16.6; RBK852/RBR850/RBS850 before 3.2.16.6; RBK842/RBR840/RBS840 before 3.2.16.6; RBS40V before 2.6.1.4) with disclosure of sensitive information. Thi...
CVE-2020-26928
CVE-2020-26928 affects several NETGEAR devices via an authentication bypass vulnerability. Affected models and firmware ranges include CBR40 < 2.5.0.10, RBK752 < 3.2.15.25, RBR750 < 3.2.15.25, RBS750 < 3.2.15.25, RBK852 < 3.2.10.11, RBR850 < 3.2.10.11, and RBS850
CVE-2020-26926
The CVE-2020-26926 issue is an authentication bypass affecting specific NETGEAR UniFi-like consumer/enterprise devices: CBR40 prior to 2.5.0.10; RBK752, RBR750, RBS750 prior to 3.2.15.25; RBK852 prior to 3.2.10.11; RBR850 prior to 3.2.10.11; RBS850 prior to 3.2.10.11. The root cause is not detail...
CVE-2020-26902
The CVE-2020-26902 issue affects certain NETGEAR wireless mesh routers (RBK752, RBR750, RBS750, RBK852, RBR850, RBS850) with firmware before 3.2.15.25. The vulnerability is a pre-authentication command injection (unauthenticated attacker). Impact per sources includes potential compromise of confi...
CVE-2021-45622
CVE-2021-45622 describes a pre-auth command injection on a broad set of NETGEAR devices. The affected family includes CBR40, CBR750, EAX20, EAX80, EX7500, LAX20, MK62, MR60, MS60, R6400 (and variants), R6700v3, R6900P, R7000 family (and P), R7850, R7900/P, R7960P, R8000/P, RAX15/20/200, RAX35v2...
CVE-2020-26899
CVE-2020-26899 affects several NETGEAR Wi‑Fi systems via information disclosure. Affected models and minimum/maximum impacted versions include: CBR40 prior to 2.5.0.10; RBK752, RBR750, and RBS750 prior to 3.2.15.25; RBK852 prior to 3.2.10.11; RBR850 prior to 3.2.10.11; and RBS850 prior to 3.2.10....
CVE-2021-45613
CVE-2021-45613 affects a broad set of NETGEAR routers (e.g., CBR40 <2.5.0.24, CBR750 <4.6.3.6, D7000v2 <1.0.0.74, LAX20 <1.1.6.28, MK62 <1.0.6.116, MR60 <1.0.6.116, MS60 <1.0.6.116, MR80 <1.1.2.20, MS80 <1.1.2.20, RAX15/20/200/45/50/43/40v2/35v2/75/80 < respective 1....
CVE-2021-45614
CVE-2021-45614 affects multiple NETGEAR devices (D7000v2, LAX20, MK62, MR60, MS60, RAX series, RBK/RBR/RBS series, XR1000, etc.) with an unauthenticated command-injection vulnerability. The description lists affected firmware ranges such as D7000v2 < 1.0.0.74, LAX20 < 1.1.6.28, MK62
CVE-2020-14427
CVE-2020-14427 affects certain NETGEAR WiFi systems (RBK/RBR/RBS family) where administrative credentials can be disclosed. Versions affected are RBK752/RBK753/RBK753S/RBR750/RBS750/RBK842/RBR840/RBS840/RBK852/RBK853/RBR850/RBS850 prior to 3.2.15.25. Root cause not detailed in provided documents....
CVE-2020-14430
NETGEAR devices listed (RBK752, RBK753, RBK753S, RBR750, RBS750, RBK842, RBR840, RBS840, RBK852, RBK853, RBR850, RBS850) are affected by CVE-2020-14430 due to disclosure of administrative credentials. Impacted firmware before 3.2.15.25 may expose admin credentials; no exploitation details are pro...
CVE-2020-26907
CVE-2020-26907 affects certain NETGEAR devices (RBK852, RBR850, RBS850) with firmware versions prior to 3.2.16.6. The issue is a command injection vulnerability exploitable by an unauthenticated attacker. Affected models and versions are confirmed in multiple sources (Netgear advisory; Red Hat en...
CVE-2021-45542
CVE-2021-45542 affects certain NETGEAR routers (RAX200, RAX75, RAX80, RBK852, RBR850, RBS850) with an authenticated command-injection vulnerability. Affected versions: RAX200/RAX75/RAX80 before 1.0.4.120; RBK852/RBR850/RBS850 before 3.2.17.12. Root cause described as command injection by an authenticated user. CV...
CVE-2021-45612
CVE-2021-45612 affects a wide range of NETGEAR router/extender models (e.g., CBR40, CBR750, EAX20/EAX80, EX7500, LAX20, MK62, MR60, R6400v2, R7000/7000P, R7850, R7900/7900P, R8000/8000P, RAX-series, XR-series, etc.). The vulnerability is a command injection by an unauthenticated attacker, impact...
CVE-2021-45617
CVE-2021-45617 affects a wide range of NETGEAR devices (CBR40, EAX20, EAX80, EX7500, R6400, R6900P, R7000, R7000P, R7900, R7960P, R8000, RAX200, RS400, XR300, MK62, MR60, R6400v2, R8000P, RAX20, RAX45, RAX80, MS60, R6700v3, R7900, RAX15, RAX50, RAX75, RBR750, RBR850, RBS750, RBS850, RBK752, RBK85...
CVE-2021-45620
The CVE-2021-45620 entry describes an unauthenticated command-injection vulnerability affecting a broad set of NETGEAR devices. Affected models and firmware ranges include CBR40 (<2.5.0.24), CBR750 (<4.6.3.6), EAX20 (<1.0.0.58), EAX80 (<1.0.1.68), LAX20 (<1.1.6.28), MR60 (<1.0.6...
CVE-2020-14437
CVE-2020-14437 describes a pre-auth command injection affecting certain NETGEAR WiFi/system devices. The Red Hat advisory lists affected models and firmware ranges: RBK752, RBK753, RBK753S, RBR750, RBS750, RBK842, RBR840, RBS840, RBK852, RBK853, RBR850, and RBS850, all before firmware version 3.2...
CVE-2021-45621
CVE-2021-45621 affects a wide range of NETGEAR devices (e.g., CBR40, CBR750, EAX20/80, EX-series, LAX20, MR/MS/RS/R-series, RAX/RBK/RBR/RBS/RVS lines, XR10x0) with a pre-auth command injection vulnerability exploitable by an unauthenticated attacker. Public reports enumerate affected firmware versions...
CVE-2021-45670
CVE-2021-45670 affects NETGEAR devices via a stored XSS vulnerability in the web UI. Connected sources enumerate affected product families and versions, including CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0...
CVE-2021-29075
CVE-2021-29075 affects multiple NETGEAR devices (e.g., RBW30, RBK852, RBR850, RBS850, RBK752/753/753S/754, RBR750, RBS750) with a stack-based buffer overflow triggered by an authenticated user. Affected versions are: RBW30 before 2.6.2.2; RBK852 before 3.2.17.12; RBR850/RBS850/RBK752/RBK753/RBK75...
CVE-2021-45564
Affected NETGEAR devices (RBK752, RBR750, RBS750, RBK852, RBR850, RBS850) with firmware prior to 3.2.16.6 are vulnerable to an authenticated-command-injection issue in which an authenticated user can inject commands. Root cause is lack of proper input validation/escaping in command handling. Impa...
CVE-2021-45632
CVE-2021-45632 affects certain NETGEAR devices via an unauthenticated command-injection vulnerability. In the public records, impacted products and minimum/affected versions are: CBR750 before 4.6.3.6; RBK752 before 3.2.17.12; RBR750 before 3.2.17.12; RBS750 before 3.2.17.12; RBK852 before 3.2.17...
CVE-2020-26903
CVE-2020-26903 affects several NETGEAR devices due to disclosure of administrative credentials. Affected models and minimum upgrade paths per sources: CBR40 prior to 2.5.0.10; RBK752, RBR750, RBS750 prior to 3.2.15.25; RBK852, RBR850, RBS850 prior to 3.2.10.11. The issue is documented across mult...
CVE-2021-45527
CVE-2021-45527 affects a wide range of NETGEAR routers and extenders. The vulnerability is a buffer overflow that can be triggered by an authenticated user, affecting models such as D6220 (pre-1.0.0.68), D6400 (pre-1.0.0.102), D7000v2 (pre-1.0.0.66), D8500 (pre-1.0.3.58), DC112A (pre-1.0.0.54), E...
CVE-2021-45535
CVE-2021-45535 is a command-injection vulnerability affecting certain NETGEAR devices. An authenticated user can trigger the issue in several models (RAX200, RAX80, RAX75, RBK752, RBR750, RBS750, RBK852, RBR850, RBS850) with vulnerable firmware up to the listed versions, e.g., RAX200/RAX80/RAX75 ...
CVE-2021-45558
CVE-2021-45558 affects certain NETGEAR routers (RBK752, RBR750, RBS750, RBK852, RBR850, RBS850) with firmware prior to 3.2.16.6. The issue is a command injection vulnerability exploitable by an authenticated user, enabling potential impact on confidentiality, integrity, and availability as indica...
CVE-2021-45616
CVE-2021-45616 affects a wide range of NETGEAR devices (CBR750, LAX20, MK62, MR60, MS60, R6900P, R7000/R7000P, R7850, R7900/8000 series, RAX 15/20/200/35v2/40v2/43/45/50/75/80, RBK/RBR/RBS series, RS400, XR1000). The root cause is a pre-authentication command-injection vulnerability allowing an un...
CVE-2020-14432
NETGEAR devices (RBK752/753/753S/RBR750/RBS750/RBK842/RBR840/RBS840/RBK852/RBK853/RBR850/RBS850) are affected by Cross‑Site Request Forgery up to firmware version 3.2.15.25. The issue is CSRF with impact on confidentiality/integrity/availability as indicated by CVSS data; no exploitation details ...
CVE-2021-45565
CVE-2021-45565 affects several NETGEAR devices (RBK752, RBR750, RBS750, RBK852, RBR850, RBS850) with a command-injection flaw exploitable by an authenticated user. The vulnerability is present in versions before 3.2.16.6; likely fixed in 3.2.16.6. Connected docs confirm affected models and versio...
CVE-2021-45543
CVE-2021-45543 affects several NETGEAR routers where an authenticated user can perform a command injection. Affected models and minimum/affected versions include: R8000 before 1.0.4.74; RAX200 before 1.0.4.120; R8000P before 1.4.2.84; R7900P before 1.4.2.84; RBR850 before 3.2.17.12; RBS850 before...
CVE-2021-45587
CVE-2021-45587 affects certain NETGEAR devices: RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, all before version 3.2.16.6. The issue is a command-injection vulnerability exploitable by an authenticated user. The connected documents confirm affected model lines and version bounds, but do not...
CVE-2021-45592
The CVE-2021-45592 entry covers an authenticated command-injection vulnerability in certain NETGEAR Wi‑Fi systems (RBK752, RBR750, RBS750, RBK852, RBR850, RBS850) affected before version 3.2.16.6. The root cause is command injection exposed to an authenticated user; impact is partial confidential...
CVE-2021-45635
CVE-2021-45635 affects certain NETGEAR devices (CBR750 < 4.6.3.6; RBK752/RBR750/RBS750/RBK852/RBR850/RBS850
CVE-2021-45665
CVE-2021-45665 concerns a stored cross-site scripting (XSS) vulnerability in multiple NETGEAR devices. Affected models and their firmware versions include EAX20 < 1.0.0.36, EAX80 < 1.0.1.62, EX3700 < 1.0.0.90, EX3800 < 1.0.0.90, EX6120 < 1.0.0.64, EX6130 < 1.0.0.44, EX7500 < ...
CVE-2021-45671
CVE-2021-45671 affects a range of NETGEAR devices (e.g., CBR40 < 2.5.0.10, EAX80 < 1.0.1.62, EX7500 < 1.0.0.72, R7900 < 1.0.4.38, R8000 < 1.0.4.68, RAX200 < 1.0.4.120, RBS40V < 2.6.1.4, RBW30 < 2.6.1.4, MR60 < 1.0.6.110, RAX20 < 1.0.2.82, RAX45 < 1.0.2.72, RAX80 &...
CVE-2021-29066
This CVE (CVE-2021-29066) affects several NETGEAR WiFi/routing devices: RBK852, RBK853, RBK854, RBR850, and RBS850, all before version 3.2.17.12, due to an authentication bypass vulnerability. The connected records confirm the affected models and the root cause as authentication bypass, with impa...