Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Wac104_firmware
(Netgear)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 5 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-12-30 | CVE-2020-35788 | NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user. | Wac104_firmware | 6.8 | ||
2021-06-30 | CVE-2021-35973 | NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple... | Wac104_firmware | 9.8 | ||
2021-08-11 | CVE-2021-38532 | NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect configuration of security settings. | Wac104_firmware | 7.2 | ||
2022-03-17 | CVE-2021-44261 | A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device. | R6220_firmware, R6900_firmware, R7450_firmware, R7800_firmware, Wac104_firmware | 5.3 | ||
2022-03-17 | CVE-2021-44262 | A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device. | Mbr1517_firmware, Wac104_firmware, Wnce3001_firmware | 7.5 |