Xr500 Firmware Security Vulnerabilities and Issues — Xr500 Firmware CVE List

Lucene search

NetgearXr500 Firmware

34 matches found

CVE•added 2021/03/05 8:15 p.m.•72 views

CVE-2021-27254

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encrypti...

8.8CVSS9AI score0.00062EPSS

CVE•added 2021/03/05 8:15 p.m.•68 views

CVE-2021-27255

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of...

8.8CVSS9AI score0.01232EPSS

CVE•added 2021/03/05 8:15 p.m.•67 views

CVE-2021-27256

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists wit...

8.8CVSS8.8AI score0.0041EPSS

CVE•added 2020/12/30 12:15 a.m.•66 views

CVE-2020-35787

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 bef...

8CVSS7.9AI score0.00139EPSS

CVE•added 2020/12/30 12:15 a.m.•54 views

CVE-2020-35831

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, a...

8.1CVSS7.8AI score0.00275EPSS

CVE•added 2020/12/30 12:15 a.m.•51 views

CVE-2020-35839

Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78.

8.1CVSS7.8AI score0.00424EPSS

CVE•added 2021/12/26 1:15 a.m.•51 views

CVE-2021-45641

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before ...

8.8CVSS8.6AI score0.00374EPSS

CVE•added 2020/04/16 7:15 p.m.•50 views

CVE-2019-20685

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6200 before 1.1.00.32, D7000 before 1.0.1.68, DM200 before 1.0.0.58, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.3...

8.8CVSS8.9AI score0.0065EPSS

CVE•added 2021/12/26 1:15 a.m.•48 views

CVE-2021-45548

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.60, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.128, EX6400 before 1.0.2.144, EX6400v2 before 1.0.0.128, EX6...

8.8CVSS8.8AI score0.00345EPSS

CVE•added 2020/04/15 8:15 p.m.•47 views

CVE-2019-20680

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000v2 before 1.0.0.53, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before ...

8CVSS8AI score0.00181EPSS

CVE•added 2020/04/15 2:15 p.m.•47 views

CVE-2020-11770

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, R6220 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.64, R6400 before 1.0.1.46, R6400v2 before 1...

8.8CVSS8.8AI score0.01072EPSS

CVE•added 2020/04/16 7:15 p.m.•44 views

CVE-2019-20684

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.1...

8.8CVSS8.9AI score0.0065EPSS

CVE•added 2021/04/14 4:15 p.m.•44 views

CVE-2021-27251

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a inse...

8.8CVSS8.8AI score0.00217EPSS

CVE•added 2020/04/16 7:15 p.m.•42 views

CVE-2019-20683

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.1...

8.8CVSS8.9AI score0.0065EPSS

CVE•added 2020/04/15 6:15 p.m.•41 views

CVE-2019-20640

8.8CVSS8.9AI score0.0065EPSS

CVE•added 2020/04/16 7:15 p.m.•41 views

CVE-2019-20702

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

8CVSS8AI score0.00344EPSS

CVE•added 2021/04/14 4:15 p.m.•40 views

CVE-2021-27253

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling...

8.8CVSS8.8AI score0.00545EPSS

CVE•added 2020/04/16 7:15 p.m.•39 views

CVE-2019-20709

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

8CVSS8AI score0.00382EPSS

CVE•added 2020/04/16 7:15 p.m.•38 views

CVE-2019-20711

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

8CVSS8AI score0.00304EPSS

CVE•added 2020/04/16 7:15 p.m.•37 views

CVE-2019-20701

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

8CVSS8AI score0.00304EPSS

CVE•added 2020/04/16 7:15 p.m.•37 views

CVE-2019-20703

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

8CVSS8AI score0.00413EPSS

CVE•added 2020/04/16 7:15 p.m.•37 views

CVE-2019-20704

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

8CVSS8AI score0.00344EPSS

CVE•added 2020/04/16 7:15 p.m.•37 views

CVE-2019-20708

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

8CVSS8AI score0.00208EPSS

CVE•added 2020/04/16 7:15 p.m.•36 views

CVE-2019-20706

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.60 and XR500 before 2.3.2.32.

8.8CVSS8AI score0.00282EPSS

CVE•added 2020/04/16 7:15 p.m.•36 views

CVE-2019-20710

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

8CVSS8AI score0.00304EPSS

CVE•added 2021/04/14 4:15 p.m.•36 views

CVE-2021-27252

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The iss...

8.8CVSS8.8AI score0.0041EPSS

CVE•added 2020/04/22 4:15 p.m.•35 views

CVE-2018-21118

NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass.

8.8CVSS8.8AI score0.00122EPSS

CVE•added 2020/04/16 7:15 p.m.•35 views

CVE-2019-20682

8.8CVSS8.9AI score0.0065EPSS

CVE•added 2020/04/16 7:15 p.m.•33 views

CVE-2019-20705

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

8CVSS8AI score0.00413EPSS

CVE•added 2020/04/16 7:15 p.m.•33 views

CVE-2019-20707

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.60 and XR500 before 2.3.2.32.

8.8CVSS8AI score0.00413EPSS

CVE•added 2021/03/23 7:15 a.m.•33 views

CVE-2021-29069

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.

8.4CVSS8.5AI score0.00081EPSS

CVE•added 2020/04/22 3:15 p.m.•31 views

CVE-2018-21115

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.

8.8CVSS9.1AI score0.00297EPSS

CVE•added 2020/04/22 3:15 p.m.•31 views

CVE-2018-21117

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler.

8.8CVSS9.1AI score0.00239EPSS

CVE•added 2020/04/22 3:15 p.m.•30 views

CVE-2018-21116

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.

8.8CVSS9.1AI score0.00297EPSS