Skip to main content

Rax40 Firmware CVE-2020-26898

HIGH
2020-10-09 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 09, 2020 - 07:15 nvd
HIGH 8.8

DescriptionNVD

NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings.

AnalysisAI

NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings. Affected products include: Netgear Rax40 Firmware. Version information: before 1.0.3.80.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-48196 CRITICAL
9.8 Dec 30

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2020-35800 CRITICAL
9.4 Dec 30

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4)

CVE-2021-45493 HIGH
7.5 Dec 26

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 7.5), this v

CVE-2021-38526 HIGH
7.5 Aug 11

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated high severity (CVSS 7.5)

CVE-2021-41449 HIGH
7.1 Dec 09

A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote

CVE-2021-45549 MEDIUM
6.8 Dec 26

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), th

CVE-2021-38533 MEDIUM
5.4 Aug 11

NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. Rated medium severity (CVSS 5.4), this vulnerability i

CVE-2021-45672 MEDIUM
4.8 Dec 26

Certain NETGEAR devices are affected by Stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exp

CVE-2021-38537 MEDIUM
4.8 Aug 11

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exp

CVE-2021-38536 MEDIUM
4.8 Aug 11

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exp

CVE-2021-38535 MEDIUM
4.8 Aug 11

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exp

CVE-2021-45604 MEDIUM
4.5 Dec 26

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. Rated medium severity (C

Share

CVE-2020-26898 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy