cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-34947,https://securityvulnerability.io/vulnerability/CVE-2021-34947,Remote Code Execution Vulnerability in NETGEAR R7800 Routers,"The vulnerability affects NETGEAR R7800 routers, enabling potential attackers on the same network to execute arbitrary code without authentication. This issue arises from inadequate validation of user-supplied data within the parsing of the soap_block_table file, which can lead to a write past the allocated data structure. As a consequence, attackers may exploit this flaw to execute code with root privileges, posing a significant security risk to affected devices.",Netgear,R7800,8.8,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-05-07T22:54:22.897Z,0
CVE-2021-45623,https://securityvulnerability.io/vulnerability/CVE-2021-45623,Command Injection Vulnerability in NETGEAR Routers,"A command injection vulnerability exists in certain NETGEAR routers that allows unauthenticated attackers to execute arbitrary commands. Devices affected include R7800 before version 1.0.2.74, R9000 before version 1.0.5.2, and XR500 prior to version 2.3.2.66. Proper updates are necessary to mitigate the risk of unauthorized access and control.",Netgear,R7800 Firmware,8.3,HIGH,0.003980000037699938,false,,false,false,false,,,false,false,,2021-12-26T00:34:31.000Z,0
CVE-2021-27253,https://securityvulnerability.io/vulnerability/CVE-2021-27253,,"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303.",Netgear,R7800,8.8,HIGH,0.002240000059828162,false,,false,false,false,,,false,false,,2021-04-14T15:45:58.000Z,0
CVE-2021-27252,https://securityvulnerability.io/vulnerability/CVE-2021-27252,,This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216.,Netgear,R7800,8.8,HIGH,0.0018400000408291817,false,,false,false,false,,,false,false,,2021-04-14T15:45:57.000Z,0
CVE-2021-27251,https://securityvulnerability.io/vulnerability/CVE-2021-27251,,This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308.,Netgear,R7800,8.8,HIGH,0.001879999996162951,false,,false,false,false,,,false,false,,2021-04-14T15:45:56.000Z,0
CVE-2021-27257,https://securityvulnerability.io/vulnerability/CVE-2021-27257,,This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362.,Netgear,R7800,6.5,MEDIUM,0.001769999973475933,false,,false,false,false,,,false,false,,2021-03-05T20:00:26.000Z,0
CVE-2021-27256,https://securityvulnerability.io/vulnerability/CVE-2021-27256,,"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355.",Netgear,R7800,8.8,HIGH,0.002199999988079071,false,,false,false,false,,,false,false,,2021-03-05T20:00:25.000Z,0
CVE-2021-27255,https://securityvulnerability.io/vulnerability/CVE-2021-27255,,This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360.,Netgear,R7800,6.3,MEDIUM,0.008589999750256538,false,,false,false,false,,,false,false,,2021-03-05T20:00:24.000Z,0
CVE-2021-27254,https://securityvulnerability.io/vulnerability/CVE-2021-27254,,This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.,Netgear,R7800,6.3,MEDIUM,0.0022299999836832285,false,,false,false,false,,,false,false,,2021-03-05T20:00:23.000Z,0
CVE-2020-35786,https://securityvulnerability.io/vulnerability/CVE-2020-35786,,NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user.,Netgear,R7800 Firmware,4.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-12-30T00:15:00.000Z,0
CVE-2020-35791,https://securityvulnerability.io/vulnerability/CVE-2020-35791,,"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.68, R8900 before 1.0.5.2, and R9000 before 1.0.5.2.",Netgear,R7800 Firmware,6.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-12-30T00:15:00.000Z,0
CVE-2018-21213,https://securityvulnerability.io/vulnerability/CVE-2018-21213,,"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.",Netgear,R7800 Firmware,8.8,HIGH,0.0007900000200606883,false,,false,false,false,,,false,false,,2020-04-28T15:40:20.000Z,0
CVE-2018-21200,https://securityvulnerability.io/vulnerability/CVE-2018-21200,,Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40 and R9000 before 1.0.3.6.,Netgear,R7800 Firmware,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-04-28T15:06:48.000Z,0
CVE-2018-21183,https://securityvulnerability.io/vulnerability/CVE-2018-21183,,"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, and WNDR4300 before 1.0.2.94.",Netgear,R7800 Firmware,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-04-28T12:51:24.000Z,0
CVE-2018-21182,https://securityvulnerability.io/vulnerability/CVE-2018-21182,,"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, and WNDR4300 before 1.0.2.94.",Netgear,R7800 Firmware,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-04-28T12:48:31.000Z,0
CVE-2018-21180,https://securityvulnerability.io/vulnerability/CVE-2018-21180,,"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",Netgear,R7800 Firmware,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-04-27T20:10:48.000Z,0
CVE-2018-21179,https://securityvulnerability.io/vulnerability/CVE-2018-21179,,"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",Netgear,R7800 Firmware,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-04-27T20:10:09.000Z,0
CVE-2018-21178,https://securityvulnerability.io/vulnerability/CVE-2018-21178,,"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",Netgear,R7800 Firmware,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-04-27T20:09:01.000Z,0
CVE-2018-21173,https://securityvulnerability.io/vulnerability/CVE-2018-21173,,"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",Netgear,R7800 Firmware,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-04-27T17:39:46.000Z,0
CVE-2018-21172,https://securityvulnerability.io/vulnerability/CVE-2018-21172,,"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",Netgear,R7800 Firmware,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-04-27T17:38:02.000Z,0
CVE-2018-21171,https://securityvulnerability.io/vulnerability/CVE-2018-21171,,"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, and WNDR4300 before 1.0.2.98.",Netgear,R7800 Firmware,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-04-27T17:36:49.000Z,0
CVE-2018-21170,https://securityvulnerability.io/vulnerability/CVE-2018-21170,,"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX2700 before 1.0.1.28, R7800 before 1.0.2.40, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.",Netgear,R7800 Firmware,8.8,HIGH,0.0007900000200606883,false,,false,false,false,,,false,false,,2020-04-27T17:35:14.000Z,0
CVE-2018-21158,https://securityvulnerability.io/vulnerability/CVE-2018-21158,,NETGEAR R7800 devices before 1.0.2.46 are affected by incorrect configuration of security settings.,Netgear,R7800 Firmware,8.8,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2020-04-27T17:25:58.000Z,0
CVE-2018-21100,https://securityvulnerability.io/vulnerability/CVE-2018-21100,,NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.,Netgear,R7800 Firmware,7.6,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-04-27T17:06:51.000Z,0
CVE-2018-21099,https://securityvulnerability.io/vulnerability/CVE-2018-21099,,NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.,Netgear,R7800 Firmware,7.6,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-04-27T17:05:41.000Z,0