cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-45557,https://securityvulnerability.io/vulnerability/CVE-2021-45557,Command Injection Vulnerability in NETGEAR Switches,"Certain NETGEAR devices are susceptible to command injection vulnerabilities that can be exploited by authenticated users. This flaw affects various models of NETGEAR switches, allowing attackers to execute arbitrary commands within the device's operating environment. This could lead to unauthorized control and manipulation of system settings, potentially compromising network security.",Netgear,Gc108p Firmware,7.5,HIGH,0.001769999973475933,false,,false,false,false,,,false,false,,2021-12-26T00:50:45.000Z,0
CVE-2021-41314,https://securityvulnerability.io/vulnerability/CVE-2021-41314,Web UI Injection Vulnerability in NETGEAR Smart Switches,"Certain NETGEAR smart switches exhibit a vulnerability in their web UI's password field, allowing an attacker to exploit weaknesses in the authentication mechanism. This flaw enables an unauthenticated attacker to craft admin sessions or overwrite files with specific content. Such access can compromise the web UI's integrity and allow full administrative control. Affected models require prompt attention to mitigate potential risks.",Netgear,Gc108p Firmware,8.8,HIGH,0.0017800000496208668,false,,false,false,false,,,false,false,,2021-09-16T22:00:37.000Z,0
CVE-2021-40867,https://securityvulnerability.io/vulnerability/CVE-2021-40867,Authentication Hijacking Vulnerability in NETGEAR Smart Switches,"Certain NETGEAR smart switches are exposed to a race-condition vulnerability allowing unauthenticated attackers to hijack an admin's login session.
This vulnerability arises when an attacker shares the same source IP address as an administrator, which can occur in scenarios such as NAT environments or if the attacker already has access to the admin's machine. The multi-step HTTP authentication process utilized by these switches is inadequately secured, as it relies solely on the source IP address, thereby allowing attackers to manipulate authentication sessions and potentially gain unauthorized administrative access to the device.",Netgear,Gc108p Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2021-09-13T07:17:31.000Z,0
CVE-2021-40866,https://securityvulnerability.io/vulnerability/CVE-2021-40866,Unauthenticated Remote Admin Access in NETGEAR Smart Switches,"A vulnerability has been identified in certain NETGEAR smart switches that allows unauthenticated attackers to remotely change the admin password. This is made possible through the /sqfs/bin/sccd daemon that does not adequately verify authentication when receiving NSDP packets without the necessary authentication TLV. This issue affects multiple versions of various smart switch models, potentially exposing network configurations to unauthorized changes.",Netgear,Gc108p Firmware,9.8,CRITICAL,0.0016899999463930726,false,,false,false,false,,,false,false,,2021-09-13T07:16:58.000Z,0
CVE-2021-33514,https://securityvulnerability.io/vulnerability/CVE-2021-33514,,"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTP_USER_AGENT;' with an OS command in the User-Agent field.
This affects GC108P before 1.0.7.3, GC108PP before 1.0.7.3, GS108Tv3 before 7.0.6.3, GS110TPPv1 before 7.0.6.3, GS110TPv3 before 7.0.6.3, GS110TUPv1 before 1.0.4.3, GS710TUPv1 before 1.0.4.3, GS716TP before 1.0.2.3, GS716TPP before 1.0.2.3, GS724TPPv1 before 2.0.4.3, GS724TPv2 before 2.0.4.3, GS728TPPv2 before 6.0.6.3, GS728TPv2 before 6.0.6.3, GS752TPPv1 before 6.0.6.3, GS752TPv2 before 6.0.6.3, MS510TXM before 1.0.2.3, and MS510TXUP before 1.0.2.3.",Netgear,Gc108p Firmware,8.8,HIGH,0.08150999993085861,false,,false,false,false,,,false,false,,2021-05-21T23:15:00.000Z,0