Note:
This project will be discontinued after December 13, 2021. [more]
Product:
R8000_firmware
(Netgear)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 117 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-03-29 | CVE-2022-27643 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of... | D6220_firmware, D6400_firmware, D7000v2_firmware, Dc112a_firmware, Ex3700_firmware, Ex3800_firmware, Ex6120_firmware, Ex6130_firmware, R6400_firmware, R6700_firmware, R6900p_firmware, R7000_firmware, R7000p_firmware, R7100lg_firmware, R7850_firmware, R7900p_firmware, R7960p_firmware, R8000_firmware, R8000p_firmware, R8500_firmware, Rax200_firmware, Rax75_firmware, Rax80_firmware, Rs400_firmware, Wndr3400_firmware, Wnr3500l_firmware, Xr300_firmware | 8.8 | ||
| 2023-03-29 | CVE-2022-27644 | This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute... | Cbr40_firmware, Lbr1020_firmware, Lbr20_firmware, R6400_firmware, R6700_firmware, R6900p_firmware, R7000_firmware, R7000p_firmware, R7850_firmware, R7960p_firmware, R8000_firmware, R8000p_firmware, Rax200_firmware, Rax75_firmware, Rax80_firmware, Rbr10_firmware, Rbr20_firmware, Rbr40_firmware, Rbr50_firmware, Rbs10_firmware, Rbs20_firmware, Rbs40_firmware, Rbs50_firmware, Rs400_firmware | 8.8 | ||
| 2023-03-29 | CVE-2022-27645 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762. | Lax20_firmware, R6400_firmware, R6700_firmware, R7000_firmware, R7850_firmware, R7900p_firmware, R7960p_firmware, R8000_firmware, R8000p_firmware, R8500_firmware, Rax15_firmware, Rax200_firmware, Rax20_firmware, Rax35_firmware, Rax38_firmware, Rax40_firmware, Rax42_firmware, Rax43_firmware, Rax45_firmware, Rax48_firmware, Rax50_firmware, Rax50s_firmware, Rax75_firmware | 8.8 | ||
| 2023-03-29 | CVE-2022-27647 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call.... | Cax80_firmware, Lax20_firmware, Mr60_firmware, Mr80_firmware, Ms60_firmware, Ms80_firmware, R6400_firmware, R6700_firmware, R6900p_firmware, R7000_firmware, R7000p_firmware, R7100lg_firmware, R7850_firmware, R7900p_firmware, R7960p_firmware, R8000_firmware, R8000p_firmware, R8500_firmware, Rax15_firmware, Rax200_firmware, Rax20_firmware, Rax35_firmware, Rax38_firmware, Rax40_firmware, Rax42_firmware, Rax43_firmware, Rax45_firmware, Rax48_firmware, Rax50_firmware, Rax50s_firmware, Rax75_firmware, Rax80_firmware, Rs400_firmware | 8.0 | ||
| 2023-03-29 | CVE-2022-27646 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of... | Cbr40_firmware, Lbr1020_firmware, Lbr20_firmware, R6400_firmware, R6700_firmware, R6900p_firmware, R7000_firmware, R7000p_firmware, R7850_firmware, R7960p_firmware, R8000_firmware, R8000p_firmware, Rax200_firmware, Rax75_firmware, Rax80_firmware, Rbr10_firmware, Rbr20_firmware, Rbr40_firmware, Rbr50_firmware, Rbs10_firmware, Rbs20_firmware, Rbs40_firmware, Rbs50_firmware, Rs400_firmware | 8.8 | ||
| 2016-12-14 | CVE-2016-6277 | NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. | D6220_firmware, D6400_firmware, R6250_firmware, R6400_firmware, R6700_firmware, R6900_firmware, R7000_firmware, R7100lg_firmware, R7300dst_firmware, R7900_firmware, R8000_firmware | 8.8 | ||
| 2019-06-17 | CVE-2019-5016 | An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability. | Netusb\.ko, R7900_firmware, R8000_firmware | 9.1 | ||
| 2019-06-17 | CVE-2019-5017 | An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation. | Netusb\.ko, R8000_firmware | 5.3 | ||
| 2020-04-15 | CVE-2020-11770 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, R6220 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.64, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6700v3 before 1.0.2.66, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42,... | D6220_firmware, D6400_firmware, D7000_firmware, D8500_firmware, R6220_firmware, R6250_firmware, R6260_firmware, R6400_firmware, R6700_firmware, R6800_firmware, R6900_firmware, R6900p_firmware, R7000_firmware, R7000p_firmware, R7100lg_firmware, R7300dst_firmware, R7800_firmware, R7900_firmware, R7900p_firmware, R8000_firmware, R8000p_firmware, R8300_firmware, R8500_firmware, R8900_firmware, R9000_firmware, Xr500_firmware | 8.8 | ||
| 2020-04-15 | CVE-2019-20680 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000v2 before 1.0.0.53, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.46, R8000P before 1.4.1.30, R8300 before 1.0.2.128,... | D7000_firmware, R6220_firmware, R6260_firmware, R6700_firmware, R6800_firmware, R6900_firmware, R6900p_firmware, R7000_firmware, R7000p_firmware, R7800_firmware, R7900_firmware, R7900p_firmware, R8000_firmware, R8000p_firmware, R8300_firmware, R8500_firmware, R8900_firmware, R9000_firmware, Xr500_firmware | 8.0 |