|
195541
|
7.5 |
HIGH
Network
|
netgear
|
r6700_firmware
|
Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface (port 5000) is sent vi…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-20175
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195542
|
7.5 |
HIGH
Network
|
netgear
|
r6700_firmware
|
Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface. By default, all communication to/from the device's web interface is sent via HTTP, which …
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-20174
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195543
|
8.8 |
HIGH
Network
|
netgear
|
r6700_firmware
|
Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is s…
|
CWE-78
OS Command
|
CVE-2021-20173
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195544
|
7.8 |
HIGH
Local
|
netgear
|
genie_installer
|
All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. The installer of the macOS version of Netgear Genie handles certain files in an insecur…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-20172
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195545
|
5.5 |
MEDIUM
Local
|
netgear
|
rax43_firmware
|
Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admi…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2021-20171
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195546
|
8.8 |
HIGH
Network
|
netgear
|
rax43_firmware
|
Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encry…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2021-20170
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195547
|
6.8 |
MEDIUM
Physics
|
netgear
|
rax43_firmware
|
Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive infor…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-20169
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195548
|
6.8 |
MEDIUM
Physics
|
netgear
|
rax43_firmware
|
Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connec…
|
CWE-287
Improper Authentication
|
CVE-2021-20168
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195549
|
8.0 |
HIGH
Adjacent
|
netgear
|
rax43_firmware
|
Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.
|
CWE-77
Command Injection
|
CVE-2021-20167
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195550
|
8.8 |
HIGH
Adjacent
|
netgear
|
rax43_firmware
|
Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection cont…
|
CWE-120
Classic Buffer Overflow
|
CVE-2021-20166
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
