Skip to main content
CVE-2020-26919 CRITICAL POC KEV THREAT Act Now

NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Jgs516Pe Firmware
NVD
CVSS 3.1
9.8
EPSS
57.2%
CVE-2020-26522 HIGH POC This Week

A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Garfield Petshop
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-26927 CRITICAL Act Now

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Ac2100 Firmware Ac2400 Firmware Ac2600 Firmware +14
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-26908 CRITICAL Act Now

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass D6200 Firmware D7000 Firmware Pr2000 Firmware +12
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-26928 CRITICAL Act Now

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Cbr40 Firmware Rbk752 Firmware Rbk852 Firmware +4
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2020-26926 CRITICAL Act Now

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Cbr40 Firmware Rbk752 Firmware Rbk852 Firmware +4
NVD
CVSS 3.1
9.6
EPSS
0.5%
CVE-2020-26921 HIGH This Week

Certain NETGEAR devices are affected by authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Gs110Emx Firmware Gs810Emx Firmware Xs512Em Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-26920 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Srk60 Firmware Srr60 Firmware Srs60 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-26912 HIGH This Week

Certain NETGEAR devices are affected by CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear CSRF D6200 Firmware D7000 Firmware Jr6150 Firmware +11
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-26911 HIGH This Week

Certain NETGEAR devices are affected by lack of access control at the function level. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure D6200 Firmware D7000 Firmware Jr6150 Firmware +11
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-26909 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection D7800 Firmware R7500V2 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-26907 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk852 Firmware Rbr850 Firmware Rbs850 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-26906 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-26905 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-26904 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-26903 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-26902 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbr750 Firmware Rbs750 Firmware +3
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-26900 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-26898 HIGH This Week

NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rax40 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-26897 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-15838 HIGH This Week

The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Automate
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-26929 HIGH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection R6230 Firmware R6220 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2020-26914 HIGH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 7.1). No vendor patch available.

Netgear Command Injection D6200 Firmware D7000 Firmware Jr6150 Firmware +11
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-26913 MEDIUM This Month

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Netgear Memory Corruption D6100 Firmware R7800 Firmware +19
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2020-26910 MEDIUM This Month

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection Cbr40 Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2020-9105 MEDIUM This Month

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Taurus An00B Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-26922 MEDIUM This Month

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection Wc7500 Firmware Wc7600 Firmware Wc7600V2 Firmware +1
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-26931 MEDIUM This Month

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Wc7500 Firmware Wc7600 Firmware Wc9500 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-26924 MEDIUM This Month

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Wac720 Firmware Wac730 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-26901 MEDIUM This Month

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware Rbr750 Firmware Rbs750 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-26899 MEDIUM This Month

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-26916 MEDIUM This Month

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure D6200 Firmware D7000 Firmware Jr6150 Firmware +11
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2020-26162 MEDIUM This Month

Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Workcentre Ec7836 Firmware Workcentre Ec7856 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-13955 MEDIUM PATCH This Month

HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Splunk Calcite
NVD
CVSS 3.1
5.9
EPSS
2.1%
CVE-2020-26923 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear Wc7500 Firmware Wc7600 Firmware Wc7600V2 Firmware +1
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-26918 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear Ex7000 Firmware R6250 Firmware R6400 Firmware +7
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-26917 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear Ex7000 Firmware R6250 Firmware R6400 Firmware +6
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-26915 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +8
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-13626 MEDIUM This Month

OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass App Locker
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-26930 LOW Monitor

NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Information Disclosure Ex7700 Firmware
NVD
CVSS 3.1
3.8
EPSS
0.5%
CVE-2020-26925 LOW Monitor

NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Netgear Denial Of Service Gs808E Firmware
NVD
CVSS 3.1
3.2
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy