|
200031
|
7.8 |
HIGH
Local
|
netgear
|
genie_installer
|
All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. The installer of the macOS version of Netgear Genie handles certain files in an insecur…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-20172
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200032
|
5.5 |
MEDIUM
Local
|
netgear
|
rax43_firmware
|
Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admi…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2021-20171
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200033
|
8.8 |
HIGH
Network
|
netgear
|
rax43_firmware
|
Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encry…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2021-20170
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200034
|
6.8 |
MEDIUM
Physics
|
netgear
|
rax43_firmware
|
Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive infor…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-20169
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200035
|
6.8 |
MEDIUM
Physics
|
netgear
|
rax43_firmware
|
Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connec…
|
CWE-287
Improper Authentication
|
CVE-2021-20168
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200036
|
8.0 |
HIGH
Adjacent
|
netgear
|
rax43_firmware
|
Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.
|
CWE-77
Command Injection
|
CVE-2021-20167
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200037
|
8.8 |
HIGH
Adjacent
|
netgear
|
rax43_firmware
|
Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection cont…
|
CWE-120
Classic Buffer Overflow
|
CVE-2021-20166
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200038
|
8.8 |
HIGH
Network
|
trendnet
|
tew-827dru_firmware
|
Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF …
|
CWE-352
Origin Validation Error
|
CVE-2021-20165
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200039
|
4.9 |
MEDIUM
Network
|
trendnet
|
tew-827dru_firmware
|
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserv…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2021-20164
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200040
|
4.9 |
MEDIUM
Network
|
trendnet
|
tew-827dru_firmware
|
Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2021-20163
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
