118 matches found
CVE-2020-13245
CVE-2020-13245 affects NETGEAR routers, notably the R7000 (versions 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10) and possibly additional models (R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, R7000P). The root cause is Missing SSL Certificate Va...
CVE-2021-27257
The CVE-2021-27257 issue affects NETGEAR R7800 firmware 1.0.2.76. It stems from the FTP file-download path where the server certificate is not properly validated, allowing network-adjacent attackers to potentially execute arbitrary code with root privileges after exploitation. The vulnerability i...
CVE-2021-27254
The CVE-2021-27254 issue affects NETGEAR R7800 devices via the apply_save.cgi endpoint. Root cause: hard-coded encryption key enabling authentication bypass for network-adjacent attackers, allowing arbitrary code execution with root privileges. Documented in multiple sources (ZDI-21-252, Red Hat ...
CVE-2021-38516
CVE-2021-38516 targets NETGEAR devices where there is a lack of function-level access control. Affected devices include D6220 (before 1.0.0.48), D6400 (before 1.0.0.82), D7000v2 (before 1.0.0.52), D7800 (before 1.0.1.44), D8500 (before 1.0.3.43), and numerous other models (list in public advisori...
CVE-2021-38534
CVE-2021-38534 affects a wide range of NETGEAR routers and gateways. Based on the provided records, the vulnerability is described as stored cross-site scripting (XSS) impacting multiple device lines and numerous firmware versions (for example, D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 ...
CVE-2020-35795
CVE-2020-35795 affects a wide range of NETGEAR devices (e.g., AC2100/AC2400/AC2600, CBK40/CBR40, D7800, EAX series, EX7500, MK62, MR60, MS60, R6120/6220/6230/6260/6330/6350/6400/6400v2/6700/6700v2/v3/6800/6850/6900P/6900/v2/7000/7000P/7200/7350/7400/7450/7800/7850/7900/8900/9000 and R-series/RAX/...
CVE-2020-35799
CVE-2020-35799 affects a wide range of NETGEAR devices (D3600, D6000, D6200, D7000, D7800, DM200, EX2700, EX6100v2, EX6150v2, EX6200v2, EX6400, EX7300, EX8000, JR6150, PR2000, R6020, R6050, R6080, R6120, R6220, R6230, R6260, R6700v2, R6800, R6900v2, R7500v2, R7800, R8900, R9000, RBK/RBR/RBS famil...
CVE-2021-27255
CVE-2021-27255 affects NETGEAR R7800 devices running firmware 1.0.2.76. The flaw is in the refresh_status.aspx endpoint and allows unauthenticated remote code execution, with the attacker gaining root privileges. Multiple sources (NVD, Red Hat advisory, ZDI) confirm the lack of authentication to ...
CVE-2021-27256
CVE-2021-27256 affects NETGEAR R7800 firmware 1.0.2.76. The flaw resides in the handling of the rc_service parameter passed to apply_save.cgi, where insufficient validation allows an attacker to execute arbitrary commands with root privileges. Although authentication is required, the authenticati...
CVE-2021-38514
CVE-2021-38514 corresponds to an authentication bypass affecting numerous NETGEAR devices (examples: D3600, D6000, D6100, D6200, D6220, D6400, D7000, D7000v2, D7800, D8500, various WN/R series, XR500, etc.) with many revision thresholds (most listed “before” specific version numbers). Root cause ...
CVE-2021-38525
CVE-2021-38525 affects a large set of NETGEAR routers (e.g., D3600, D6000, D6200, D7000, EX6xxx, XR500, R6xxx, R7xxx, etc.) with a stack-based buffer overflow vulnerability exploitable by an authenticated user. The issue occurs in multiple models and firmware revisions listed in the vulnerability...
CVE-2021-38538
CVE-2021-38538 affects several NETGEAR devices with a stored cross-site scripting vulnerability. The available sources enumerate affected models and firmware versions, including D7800 up to 1.0.1.56; R7800 up to 1.0.2.68; R8900 up to 1.0.4.26; R9000 up to 1.0.4.26; RAX120 up to 1.0.0.78; RBK/RBR/...
CVE-2020-35787
CVE-2020-35787 is a buffer overflow in a range of NETGEAR devices that can be triggered by an authenticated user. Affected products and firmware ranges include: D3600 < 1.0.0.76, D6000 < 1.0.0.76, D6200 < 1.1.00.36, D7000 < 1.0.1.70, EX6200v2 < 1.0.1.78, EX7000 < 1.0.1.78, EX800...
CVE-2020-35823
The connected documents confirm CVE-2020-35823 is a stored XSS affecting multiple NETGEAR devices and firmware versions (D7800 < 1.0.1.56; R7500v2 < 1.0.3.46; R7800 < 1.0.2.74; R8900 < 1.0.4.28; R9000 < 1.0.4.28; RAX120 < 1.0.0.78; RBK/RBR/RBS series < 2.3.x.26–2.3.x.30; XR50...
CVE-2020-35825
The CVE-2020-35825 entry concerns a stored XSS vulnerability in several NETGEAR routers. Affected models and their fixed versions are: D7800 (fixed in 1.0.1.56+), R7500v2 (1.0.3.46+), R7800 (1.0.2.74+), R8900 (1.0.4.28+), R9000 (1.0.4.28+), RAX120 (1.0.0.78+), RBK50 (2.3.5.30+), RBR50 (2.3.5.30+)...
CVE-2021-38527
CVE-2021-38527: Pre-auth command-injection vulnerability affecting a broad range of NETGEAR devices (e.g., CBR40, EX-series extenders/routers, XR series, RBK/RBR/RBS bundles, etc.). Root cause: unauthenticated input reaching a command-execution path; affected firmware versions include CBR40 <2...
CVE-2020-35812
CVE-2020-35812 pertains to stored cross-site scripting in multiple NETGEAR devices. Affected models and affected firmware ranges include D7800 (< 1.0.1.56), R7500v2 (< 1.0.3.46), R7800 (< 1.0.2.68), R8900 (< 1.0.4.28), R9000 (< 1.0.4.28), RAX120 (< 1.0.0.78), RBK40/RBR40/RBS40...
CVE-2020-35833
NETGEAR devices are affected by stored cross-site scripting (XSS) in the web interface. The RH/CVE entry specifies vulnerable models and firmware ranges, including D7800 < 1.0.1.56, R7500v2 < 1.0.3.46, R7800 < 1.0.2.68, R8900 < 1.0.4.28, R9000 < 1.0.4.28, RAX120 < 1.0.0.78, RBK2...
CVE-2020-35818
CVE-2020-35818 is a stored XSS vulnerability affecting multiple NETGEAR routers. According to the provided records, D7800 (<1.0.1.56), R7500v2 (<1.0.3.46), R7800 (<1.0.2.74), R8900 (<1.0.4.28), R9000 (<1.0.4.28), RAX120 (<1.0.0.78), RBR20 (<2.3.5.26), RBS20 (<2.3.5.26), RB...
CVE-2019-20736
CVE-2019-20736 affects NETGEAR devices (D6000, D6100, R7800, R8900, R9000, WNDR3700v4, WNDR4300v1/v2, WNDR4500v3, WNR2000v5, XR500) via a stack-based buffer overflow in an authenticated context. Affected firmware versions are listed (e.g., D6000 < 1.0.0.72, D6100 < 1.0.0.63, R7800 < 1.0....
CVE-2020-35800
CVE-2020-35800 affects a wide range of NETGEAR devices (e.g., AC2100/AC2400/AC2600, CBK40/CBR40, D6000/D6220/D6400/D7000v2/D7800/D8500/DC112A, EX-series, R-series, etc.). The root issue is an incorrect security settings configuration across these models, leading to a security misconfiguration. Th...
CVE-2020-35810
CVE-2020-35810 describes a stored cross-site scripting (XSS) vulnerability affecting multiple NETGEAR devices: D7800 (before 1.0.1.56), R7500v2 (before 1.0.3.46), R7800 (before 1.0.2.74), R8900/R9000 (before 1.0.4.28), RAX120 (before 1.0.0.78), RBK/RBR/RBS series (before 2.3.5.30 or 2.3.5.26 for ...
CVE-2020-35820
CVE-2020-35820 is a stored XSS vulnerability affecting multiple NETGEAR devices. Affected models and versions include D7800 before 1.0.1.56; R7500v2 before 1.0.3.46; R7800 before 1.0.2.74; R8900 before 1.0.4.28; R9000 before 1.0.4.28; RAX120 before 1.0.0.78; RBK50 before 2.3.5.30; RBR50 before 2....
CVE-2020-35832
The CVE-2020-35832 entry describes a stored XSS vulnerability affecting multiple NETGEAR devices (D7800, R7500v2, R7800, R8900, R9000, RAX120, RBK/RBR/RBS series, XR500/XR700, and related firmware versions) prior to listed fixes (e.g., D7800 < 1.0.1.56; R7500v2 < 1.0.3.46; R7800 < 1.0.2....
CVE-2020-35815
CVE-2020-35815 is a stored XSS vulnerability affecting multiple NETGEAR devices (D7800, R7500v2, R7800, R8900, R9000, RAX120, RBK/RBR/RBS lines, XR500/XR700, with various affected firmware versions listed). The issue is described as stored XSS in the device web interface; CVSS data indicates netw...
CVE-2020-35819
CVE-2020-35819 affects multiple NETGEAR devices via a stored XSS vulnerability. Affected models and minimum/maximum versions include D7800 before 1.0.1.56; R7500v2 before 1.0.3.46; R7800 before 1.0.2.74; R8900 before 1.0.4.28; R9000 before 1.0.4.28; RAX120 before 1.0.0.78; RBK50 before 2.3.5.30; ...
CVE-2020-35829
Stored XSS affects a range of NETGEAR devices (D7800, R7800, R8900, R9000, RAX120, RBK/RBR/RBS series, XR500/XR700) with specific firmware versions prior to those listed in the advisories. The issue is present in multiple models/firmware before updates such as D7800 < 1.0.1.56, R7800 < 1.0....
CVE-2020-35813
CVE-2020-35813 describes a stored cross-site scripting vulnerability affecting a range of NETGEAR consumer/enterprise routers (e.g., D7800; RBK/RBR/RBS series; XR family; R7500v2; R7800; R8900; R9000; XR500; RAX120) with listed version bounds (before 1.0.1.56 for D7800, before 2.3.5.30 for RBK/RB...
CVE-2020-35822
CVE-2020-35822 is a stored cross-site scripting vulnerability affecting several NETGEAR routers. Affected models and minimum versions (per initial and Red Hat/NVD entries): D7800 < 1.0.1.56, R7500v2 < 1.0.3.46, R7800 < 1.0.2.74, R8900 < 1.0.4.28, R9000 < 1.0.4.28, RAX120 < 1.0.0...
CVE-2020-35814
CVE-2020-35814 is a stored XSS vulnerability in certain NETGEAR routers. Affected devices and firmware versions include D7800 prior to 1.0.1.56; R7800 prior to 1.0.2.74; R8900 prior to 1.0.4.28; R9000 prior to 1.0.4.28; RAX120 prior to 1.0.0.78; RBK/RBR/RBS series up to 2.3.5.30 (RBK20, RBR20, RB...
CVE-2020-35826
CVE-2020-35826 concerns stored XSS in several NETGEAR routers, including D7800 (< 1.0.1.56), R7500v2 (< 1.0.3.46), R7800 (< 1.0.2.74), R8900 (< 1.0.4.28), R9000 (< 1.0.4.28), RAX120 (< 1.0.0.78), RBK50/RBR50/RBS50 (< 2.3.5.30), XR500 (< 2.3.2.56), and XR700 (
CVE-2020-35836
CVE-2020-35836 affects multiple NETGEAR devices through stored cross-site scripting. Specifically, the issue impacts: D7800 < 1.0.1.56, R7500v2 < 1.0.3.46, R7800 < 1.0.2.74, R8900 < 1.0.4.28, R9000 < 1.0.4.28, XR500 < 2.3.2.56, XR700 < 1.0.1.10, and RAX120
CVE-2019-20735
The CVE-2019-20735 entry affects NETGEAR devices and describes a stack-based buffer overflow triggered by an authenticated user. Affected models and firmware versions include: D3600 (before 1.0.0.75), D6000 (before 1.0.0.75), D6100 (before 1.0.0.63), R7800 (before 1.0.2.52), R8900 (before 1.0.4.2...
CVE-2020-35828
CVE-2020-35828 is a stored XSS vulnerability affecting multiple NETGEAR devices. Affected models and fixed versions include D7800 < 1.0.1.56, RBK20/RBR20/RBS20 < 2.3.5.26, RBK40/RBR40/RBS40 < 2.3.5.30, RBK50/RBR50/RBS50 < 2.3.5.30, R7800 < 1.0.2.74, R8900/R9000 < 1.0.4.28, XR500...
CVE-2020-35811
CVE-2020-35811 affects a range of NETGEAR devices, exposing stored cross-site scripting (XSS) vulnerabilities in specific firmware versions (e.g., D7800 < 1.0.1.56; R7500v2 < 1.0.3.46; R7800 < 1.0.2.68; R8900 < 1.0.4.28; R9000 < 1.0.4.28; RAX120 < 1.0.0.78; RBK/RBR/RBS series <...
CVE-2020-35827
CVE-2020-35827 affects a range of NETGEAR routers (D7800 < 1.0.1.56; RBK50/RBR50/RBS50 < 2.3.5.30; R7800 < 1.0.2.74; R8900/R9000 < 1.0.4.28; XR500 < 2.3.2.56; XR700 < 1.0.1.10; RAX120
CVE-2020-35809
CVE-2020-35809 is a stored XSS affecting several NETGEAR devices. Affected models and fixed versions include: D7800 < 1.0.1.56; R7500v2 < 1.0.3.46; R7800 < 1.0.2.74; R8900 < 1.0.4.28; R9000 < 1.0.4.28; RAX120 < 1.0.0.78; RBK50 < 2.3.5.30; RBR50 < 2.3.5.30; RBS50 < 2.3.5...
CVE-2020-35834
The CVE-2020-35834 entry describes a stored XSS vulnerability affecting certain NETGEAR routers: D7800 < 1.0.1.56, R7500v2 < 1.0.3.46, R7800 < 1.0.2.68, R8900 < 1.0.4.28, R9000 < 1.0.4.28, RAX120 < 1.0.0.78, XR500 < 2.3.2.56, and XR700
CVE-2020-35831
Technical details about CVE-2020-35831 are not publicly provided in the connected documents; no specific affected versions or fixes are disclosed here. Monitor for updates.
CVE-2021-34947
The CVE-2021-34947 entry describes a NETGEAR R7800 net-cgi Out-of-Bounds Write Remote Code Execution vulnerability. The flaw is in parsing of the soap_block_table, caused by insufficient validation of user-supplied data, allowing a write past the end of an allocated structure. This enables networ...
CVE-2020-35835
CVE-2020-35835 concerns multiple NETGEAR routers affected by stored cross-site scripting. Affected models and minimum vulnerable revisions are: D7800 < 1.0.1.56; R7500v2 < 1.0.3.46; R7800 < 1.0.2.74; R8900 < 1.0.4.28; R9000 < 1.0.4.28; RAX120 < 1.0.0.78; XR500 < 2.3.2.56; XR700
CVE-2021-45641
CVE-2021-45641 affects multiple NETGEAR routers (e.g., D3600, D6000, D6200, D6220, D6400, D7000/…/XR500, among others) due to incorrect configuration of security settings. The vulnerability involves a misconfiguration issue in a broad list of NETGEAR devices before specified firmware versions (e....
CVE-2019-20723
The vulnerability CVE-2019-20723 affects NETGEAR devices and is described as a stack-based buffer overflow exploitable by an authenticated user. Affected models and firmware ranges include D3600 (before 1.0.0.75), D6000 (before 1.0.0.75), D6100 (before 1.0.0.63), DM200 (before 1.0.0.58), EX2700 (...
CVE-2020-26915
The CVE-2020-26915 entry describes a stored Cross-Site Scripting vulnerability affecting multiple NETGEAR devices. Affected models and older firmware versions include D7800 < 1.0.1.56, R7500v2 < 1.0.3.46, R7800 < 1.0.2.68, R8900 < 1.0.4.28, R9000 < 1.0.4.28, RAX120 < 1.0.0.78, R...
CVE-2020-35824
CVE-2020-35824 is a stored XSS vulnerability affecting multiple NETGEAR routers (e.g., D7800 < 1.0.1.56, R7500v2 < 1.0.3.46, R7800 < 1.0.2.74, R8900 < 1.0.4.28, R9000 < 1.0.4.28, RAX120 < 1.0.0.78, RBK50/RBR50/RBS50 < 2.3.5.30, XR500 < 2.3.2.56, XR700
CVE-2019-20685
This CVE (CVE-2019-20685) affects a range of NETGEAR devices, caused by a stack-based buffer overflow in unauthenticated scenarios. Affected models and versions include D3600/D6000/D6200/D7000/DM200/JR6150/PR2000/R6020/R6050/R6080/R6120/R6220/R6260/R6700v2/R6800/R6900v2/WNR2020/XR500 with specifi...
CVE-2020-26913
CVE-2020-26913 affects NETGEAR routers and Wi‑Fi systems (example devices include D6100, R7800, R8900, R9000, RBK/RBR/RBS series, SRK/SRR/SRS, WN models, XR models) with a stack-based buffer overflow exploitable by an authenticated user. Affected firmware versions are listed per device (e.g., D61...
CVE-2020-35839
NETGEAR devices D7800 (before 1.0.1.56), R7500v2 (before 1.0.3.46), R7800 (before 1.0.2.68), R8900 (before 1.0.4.28), R9000 (before 1.0.4.28), XR500 (before 2.3.2.56), XR700 (before 1.0.1.10), and RAX120 (before 1.0.0.78) are affected by a Stored XSS vulnerability (CVE-2020-35839). The provided d...
CVE-2021-45550
CVE-2021-45550 affects various NETGEAR devices (e.g., D3600, D6000, D6100, D6220, D6400, D7800, D8500, DGN2200v4, R6250, R6300v2, R6400, R6400v2, R6700, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, XR500, and others listed) with a pre-auth or authenticated command-injection risk. The vulner...
CVE-2021-45640
The CVE-2021-45640 entry impacts NETGEAR routers and extenders (e.g., D3600/D6000/D6200/D6220/D6400/D7000/D7800 etc.) with firmware versions listed in the description. The root cause is an incorrect configuration of security settings on affected devices. Connected documents reiterate the same dev...