Filtered by vendor Netgear
Subscribe
Total
1197 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35787 | 1 Netgear | 52 D3600, D3600 Firmware, D6000 and 49 more | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40. | |||||
| CVE-2020-35786 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 2.7 LOW | 4.5 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user. | |||||
| CVE-2020-35785 | 1 Netgear | 2 Dgn2200, Dgn2200 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.3 HIGH |
| NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365). | |||||
| CVE-2020-35784 | 1 Netgear | 8 Gs116e, Gs116e Firmware, Jgs516pe and 5 more | 2024-11-21 | 6.5 MEDIUM | 6.2 MEDIUM |
| Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48. | |||||
| CVE-2020-35783 | 1 Netgear | 8 Gs116e, Gs116e Firmware, Jgs516pe and 5 more | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests. | |||||
| CVE-2020-35782 | 1 Netgear | 8 Gs116e, Gs116e Firmware, Jgs516pe and 5 more | 2024-11-21 | 7.8 HIGH | 8.1 HIGH |
| Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory. | |||||
| CVE-2020-35781 | 1 Netgear | 2 Nms300, Nms300 Firmware | 2024-11-21 | 4.0 MEDIUM | 8.3 HIGH |
| NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | |||||
| CVE-2020-35780 | 1 Netgear | 2 Nms300, Nms300 Firmware | 2024-11-21 | 4.0 MEDIUM | 7.1 HIGH |
| NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | |||||
| CVE-2020-35779 | 1 Netgear | 2 Nms300, Nms300 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | |||||
| CVE-2020-35778 | 1 Netgear | 4 Gs716t, Gs716t Firmware, Gs724t and 1 more | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36. | |||||
| CVE-2020-35777 | 1 Netgear | 2 Dgn2200v1, Dgn2200v1 Firmware | 2024-11-21 | 7.7 HIGH | 8.4 HIGH |
| NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection. | |||||
| CVE-2020-35233 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
| The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack. | |||||
| CVE-2020-35231 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device. | |||||
| CVE-2020-35230 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 6.7 MEDIUM | 6.8 MEDIUM |
| Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack. | |||||
| CVE-2020-35229 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges. | |||||
| CVE-2020-35228 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter. | |||||
| CVE-2020-35227 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command. | |||||
| CVE-2020-35226 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 4.8 MEDIUM | 7.1 HIGH |
| NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command. | |||||
| CVE-2020-35225 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
| The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks. | |||||
| CVE-2020-35224 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
| A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot. | |||||